Comment 2 for bug 310126
Revision history for this message
| Anders Kaseorg (andersk) wrote Re: failsafeXinit: “Open a terminal” option does not ask for a password! | #2 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
35a32c5
(Get the code!)
Thanks for the quick upload, but you’ve introduced a syntax error in /etc/gdm/
run_terminal() {
# Causes bug #310126
# gnome-terminal
}
This might be fortunate from a security standpoint, though, because “Open a terminal” is not the only possible attack on the menu. Some others that I found fairly quickly are
Troubleshoot the error → Review the xserver log file → File → Open → /etc/passwd
Troubleshoot the error → Review the startup errors → File → Open → /etc/passwd
Troubleshoot the error → Edit configuration file → File → Open → /etc/passwd
And who knows what damage you might be able to do even with just dexconf or xorgconf (setting a malicious ModulePath?).
Basically, all options other than “Run Ubuntu in low-graphics mode for just this session” are fundamentally dangerous; they need to be password-protected.