Re: Security hole in LXDE?
- Date: Mon, 27 Feb 2017 12:20:50 +0100
- From: Hans <hans.ullrich@xxxxxxx>
- Subject: Re: Security hole in LXDE?
> Check how synaptic is being started by the menu entry. Typically,
> synaptic will be started by /usr/bin/synaptic-pkexec, which uses
> policykit to authorise an effective su for a normal user. The executable
> synaptic is in /usr/sbin, so will probably not work from a menu.
Yes, it is as you said. There is /usr/bin/synaptic-pkexec
> I've changed the launcher to gksudo synaptic, which gives me explicit
> fine control with sudoers.
As I said: I do NOT use sudoers, and there is no entry or the user /etc/
> I suspect what you're seeing is as intended.
If so, then why not working so in KDE? And if this is intended, then this is a
bug and a security hole, which should be fixed.