D12732: Implement a more user-friendly run-as-root-or-sudo behavior
Nicolas Fella
noreply at phabricator.kde.org
Tue May 8 23:35:38 BST 2018
nicolasfella added a comment.
AFAIU the exploit works like this:
A user has a normal, non-root session running which is infected with a malicious program. The program now waits until the user is running 'sudo dolphin' and now can use the exploit to gain elevated privileges.
If the user is running as root anyway there is no additional harm, because most likely the malicious program will have root privileges anyway.
REPOSITORY
R318 Dolphin
REVISION DETAIL
https://phabricator.kde.org/D12732
To: ngraham, #dolphin, graesslin
Cc: emmanuelp, zzag, nicolasfella, elvisangelaccio, Fuchs, mmustac, markg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.kde.org/mailman/private/kfm-devel/attachments/20180508/30849c0b/attachment.htm>
More information about the kfm-devel
mailing list