Comment # 2 on bug 1232231 from Matthias Gerstner 
This is simply a pkexec action to run the mousepad editor as root. The devs
state themselves in the policy file:

```
<!-- SECURITY:
- A normal active user can run mousepad without elevated rights. They
  may wish to modify a file they normally do not have read/write access
  to. This isn't a good idea, but is common on single user systems.
-->
```

Indeed it isn't a good idea. Running a GUI application as root is not a great
idea. And writing files as root in potentially dangerious file system
locations is also not a great idea.

There is little that can be done to improve on this, though. auth_admin is
required and its only allowed for locally logged in users. People hopefully
know what they are doing when they invoke the editor with privileges.

You are receiving this mail because: