Comment 6 for bug 281877

Kees Cook (kees) wrote :

This is certainly a bug, but kdesudo is just a wrapper around sudo. While it does expand the arguments incorrectly, this isn't exploitable short of tricking someone into running kdesudo on a huge weird-looking command line that would just fail anyway since glibc would block any use of %n. Unflagged as security.