https://bugzilla.novell.com/show_bug.cgi?id=428963
User lnussel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=428963#c52
Ludwig Nussel changed:
What       |Removed   |Added
----------------------------------------------------------------------------
Status     |RESOLVED  |REOPENED
Resolution |FIXED     |
--- Comment #52 from Ludwig Nussel 2008-10-27 05:16:38 MDT ---
The fix looks
a) wrong
b) dangerous

Wrong because why should root access a user's session bus? What does root want
to call there? Could it be that this is by accident and some GUI su program
calls su instead of su - therefore preserving DBUS_SESSION_BUS_ADDRESS?

Dangerous because libdbus will autolaunch a session bus if there is none. In
that case there are dbus-launch processes hanging around that expose the
necessary arguments to reconstruct the session bus address. Therefore any user
can gain access to the session bus.