[Xfce-bugs] [Bug 15298] New: xfce pol kit lets others sneak in

[bugzilla-daemon at xfce.org]

https://bugzilla.xfce.org/show_bug.cgi?id=15298

            Bug ID: 15298
           Summary: xfce pol kit lets others sneak in
    Classification: Xfce Core
           Product: Xfce4-session
           Version: Unspecified
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: Medium
         Component: General
          Assignee: xfce-bugs at xfce.org
          Reporter: ToddAndMargo at zoho.com
  Target Milestone: Xfce 4.14

Fedora 29
Xfce 4.13

Dear Xfce,

Whenever I put the root password into xfce Pol kit, I can run other root
programs for about 10 seconds after the first Pol Kit prompt without having to
enter root's password again.  This give me the creeps.

For instance qemu-kvm's "virt-manager" pops a xfce pol kit prompt but flies
right through if I have enter the pol kits root password somewhere else within
the last 10 seconds.

Please fix.  This is pretty big security hole.

Many thanks,
-T

-- 
You are receiving this mail because:
You are the assignee for the bug.