On Mon, Jul 1, 2013 at 2:11 PM, Bob Proulx <b...@proulx.com> wrote: > Joel Rees wrote: > > After the reboot, I decided to install the flashrom package, and after > the > > install finishes, I find in front of me what appears to be an > > execute-command-as dialog. > > > > No command. User selection popup list showing root. > > > > I assume it's the execute-as dialog, but I don't recall doing anything to > > get the dialog, so it's strange to see it. (Maybe my fingers moving by > > themselves when I find I can't stay awake?) > > This sounds like Bug#708548. This thread on debian-devel is > concerning this problem. > > http://lists.debian.org/debian-devel/2013/06/msg00341.html > > No resolution yet. But it is a big problem because it is training > people to fall prey to phishing attacks. > > Bob >
Thanks for the link. I can see that gdm3 is still evil. Maybe I should win the lottery so I can afford to write a decent *dm for XFCE. Or, rather, get a US credit card so I can put a project for it up on Kickstarter. Although, once I got that far, I'd probably start working on a properly sandboxing window/desktop manager. (Spawning sandboxed processes running as captive user ids that can't login is the true and proper solution for the whole issue of how to hide sudo passwords from keyloggers, not that Microsoft inspired, prove-you-have-the-admin-password-too approach. People don't realize how easy it is to drop a GUI capable executable on an account with current browsers, and booby-trap the user into executing it. Not to mention the tunnel-through-X-11-via-script-language approach. Yeah, I know how much work it would take, essentially pulling a Wayland, but with a different set of design objectives. And it would break a lot of applications, too, since the user doesn't want a separate file system sub-tree for every application, and there would have to be new APIs, etc.) (sigh) -- Joel Rees
