Web lists-archives.com

Re: Security hole in LXDE?




> Check how synaptic is being started by the menu entry. Typically,
> synaptic will be started by /usr/bin/synaptic-pkexec, which uses
> policykit to authorise an effective su for a normal user. The executable
> synaptic is in /usr/sbin, so will probably not work from a menu.

Yes, it is as you said. There is /usr/bin/synaptic-pkexec
and /usr/sbin/synatic

> 
> I've changed the launcher to gksudo synaptic, which gives me explicit
> fine control with sudoers.
> 

As I said: I do NOT use sudoers, and there is no entry or the user /etc/
sudoers. 

> I suspect what you're seeing is as intended.

If so, then why not working so in KDE? And if this is intended, then this is a 
bug and a security hole, which should be fixed.

Hans