severity 340284 important
thanks

On Tue, Nov 22, 2005 at 12:36:46PM +0100, S. Thommerel wrote:
> To reproduce this bug:
> su root and then load firefox from the term. Then launch firefox from
> another unrelated and normal user terminal. The newly launched firefox reads
> root's
> profile and gets root's rights.

This is not true. They are not unrelated; they are associated with the same display. firefox may not have worked as you expected, but it didn't give you any more rights than you already had -- this worked because *you* ran su from an X display that you were already logged into.

If I even just run ssh -CX [EMAIL PROTECTED] -f firefox instead of su'ing directly, the firefox profiles are not shared. There is no evidence that arbitrary users are going to be able to get into root's firefox session this way.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/