[Xfce-bugs] [Bug 12282] [PATCH] xflock4: Do not override PATH with hardcoded value.
bugzilla-daemon at xfce.org
bugzilla-daemon at xfce.org
Fri Jan 29 14:59:32 CET 2016
https://bugzilla.xfce.org/show_bug.cgi?id=12282
--- Comment #2 from Jarno Suni <8 at iki.fi> ---
So isn't the solution then that system administer changes PATH so that it does
not contain user-writeable directories? Well, in terminal a regular user can
change PATH though.
I think it would be safer to check in xflock4 that the command is not
user-writeable and is owned by root. (I have a shell function for that.)
If the command told by an xfconf variable is used for locking, it can be
changed by regular user to run some command that might not lock anyway, but
supposedly not as harmful command.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the Xfce-bugs
mailing list