https://bugzilla.novell.com/show_bug.cgi?id=428963
User lnussel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=428963#c66
--- Comment #66 from Ludwig Nussel
Well - unless I'm mistaken we didn't commit the (frankly silly) <allow user="*" /> but we added the <allow user="root"/> - at least I hope we did.
There's no real immediate security problem then. As Timo pointed having root access the session dbus may have unexpected side effects though. gnomesu really should clean the environment and only pass selected variables through, just like su -. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.