Security issue: xfce pol kit allow others to sneak through

Randy Dunlap rdunlap at infradead.org
Wed May 27 08:51:25 CEST 2020


On 5/26/20 10:12 PM, ToddAndMargo wrote:
> On 2020-05-26 13:21, Chris Green wrote:
>> ToddAndMargo <ToddAndMargo at zoho.com> wrote:
>>> Hi All,
>>>
>>> Security issue
>>>
>>> Xfce 4.14
>>> Fedora 32, x64
>>>
>>> There is a security issue where in if you are prompted
>>
>> Did you mean "... issue wherein if ..." or something else?  It *is*
>> important in this sort of context IMHO.

Yes, I think that T&M meant "wherein".

>>
> 
> No sure what the nuance is you are looking for..
> 
> If you start a program that triggers an xfce polkit
> prompt for the root's password, after entering the password,
> you can sneak other programs though that also trigger
> the xfce polkit, if you are quick enough.
> _______________________________________________
> Xfce mailing list
> Xfce at xfce.org
> https://mail.xfce.org/mailman/listinfo/xfce
> http://www.xfce.org


-- 
~Randy
Reported-by: Randy Dunlap <rdunlap at infradead.org>


More information about the Xfce mailing list