Re: Security hole in LXDE?

On Mon, 27 Feb 2017 12:20:50 +0100
Hans <hans.ullrich@xxxxxxx> wrote:

> > Check how synaptic is being started by the menu entry. Typically,
> > synaptic will be started by /usr/bin/synaptic-pkexec, which uses
> > policykit to authorise an effective su for a normal user. The
> > executable synaptic is in /usr/sbin, so will probably not work from
> > a menu.  
> Yes, it is as you said. There is /usr/bin/synaptic-pkexec
> and /usr/sbin/synaptic.
> > 
> > I've changed the launcher to gksudo synaptic, which gives me
> > explicit fine control with sudoers.
> >   
> As I said: I do NOT use sudoers, and there is no entry for the
> user in /etc/sudoers.
> > I suspect what you're seeing is as intended.  
> If so, then why is it not working that way in KDE? And if this is
> intended, then this is a bug and a security hole, which should be fixed.

I use neither LXDE nor KDE, so I would be guessing, but generally menu
operation is a function of the desktop environment, and the KDE menu
call may not be using pkexec. Or it may be using pkexec, but with a
different policy in action.

I have the common problem of using an old installation, with no
recollection of the changes I have made over years to the default
settings. For as long as I can remember, I have intended to log every
change I make, and one day perhaps I will begin...
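
An added example, not part of the original message: one way to check both points raised in this thread, namely which program a menu entry's Exec line starts and whether the polkit action behind a pkexec wrapper grants access without a password prompt. The .desktop text, the policy XML, the action id and the paths below are constructed samples, not copied from the synaptic package.

```python
import shlex
import xml.etree.ElementTree as ET

# Constructed sample menu entry (hypothetical program name).
SAMPLE_DESKTOP = """[Desktop Entry]
Name=Example Package Manager
Exec=example-pkexec %f
Type=Application
"""

# Constructed sample polkit policy; action id and exec path are hypothetical.
SAMPLE_POLICY = """<policyconfig>
  <action id="org.example.pkexec.pkgmgr">
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
    <annotate key="org.freedesktop.policykit.exec.path">/usr/sbin/example-pkgmgr</annotate>
  </action>
</policyconfig>
"""

NO_PROMPT = {"yes"}  # polkit result that authorises without any authentication


def launcher_command(desktop_text):
    """Return the program named on the Exec= line of a .desktop entry."""
    for line in desktop_text.splitlines():
        if line.startswith("Exec="):
            return shlex.split(line[len("Exec="):])[0]
    return None


def audit_policy(policy_xml):
    """Map (action id, exec path) to the session classes granted without a prompt."""
    findings = {}
    for action in ET.fromstring(policy_xml).iter("action"):
        path = None
        for ann in action.iter("annotate"):
            if ann.get("key") == "org.freedesktop.policykit.exec.path":
                path = (ann.text or "").strip()
        defaults = action.find("defaults")
        open_for = [] if defaults is None else [
            el.tag for el in defaults if (el.text or "").strip() in NO_PROMPT]
        findings[(action.get("id"), path)] = open_for
    return findings
```

The defaults in a policy file are only the starting point: local polkit rules added by an administrator or a desktop package can override them, which is one way two desktops on the same machine can behave differently.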