Linux.com

Re: Linux Anti-Virus

Posted by: Anonymous Coward on February 27, 2007 03:41 PM
The answer is "poorly". Any user in the admin group is allowed to use sudo (or GTKsu) to execute anything. What it probably should do is use a whitelist of applications that may actually need root access, and only allow the GTKsu to run those applications. But it doesn't, so any program could try to re-launch itself with root access, hoping the user will just allow it.

Command-line sudo should probably be left alone - you could potentially want to run any command as root from the command line, even if there are only a small number of GUI apps that you'd want to run as root. Either that, or you need a real root account.

Some kind of mandatory access control system (SELinux, RSBAC, GrSecurity) would be better, but much more difficult.
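
The whitelist idea in the comment above, as an added example that is not part of the original post: a small Python audit over constructed sudoers text that separates rules granting ALL commands from rules limited to named programs. The `%desktop` group, the `backup` user and the program paths are assumptions, and the parser covers only a simplified subset of sudoers syntax (no nested aliases, negation or includes).

```python
import re

# Constructed sample sudoers text (not taken from any real system).
SAMPLE = """\
# Rule shape the comment describes: admin group may run anything
%admin ALL=(ALL) ALL
# Whitelist alternative: only named GUI admin tools (hypothetical paths)
Cmnd_Alias GUI_ADMIN = /usr/sbin/synaptic, \\
                       /usr/bin/update-manager
%desktop ALL=(root) GUI_ADMIN
# Edge case: a trailing ALL cancels the whitelist in front of it
backup ALL=(root) NOPASSWD: /usr/bin/rsync, ALL
"""

def logical_lines(text):
    """Join backslash continuations, then drop comments and blank lines."""
    joined = re.sub(r"\\\n\s*", " ", text)
    for line in joined.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def audit(text):
    """Return (who, verdict, commands) for each user/group rule."""
    aliases, findings = {}, []
    for line in logical_lines(text):
        m = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.*)", line)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
            continue
        if line.startswith(("Defaults", "User_Alias", "Host_Alias", "Runas_Alias")):
            continue
        # who  host = (runas) commands
        m = re.match(r"(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(.*)", line)
        if not m:
            continue
        cmds = []
        for c in m.group(2).split(","):
            c = re.sub(r"^(?:[A-Z_]+:\s*)+", "", c.strip())  # strip tags such as NOPASSWD:
            cmds.extend(aliases.get(c, [c]))  # expand a Cmnd_Alias one level
        verdict = "unrestricted" if "ALL" in cmds else "whitelist"
        findings.append((m.group(1), verdict, cmds))
    return findings

if __name__ == "__main__":
    for who, verdict, cmds in audit(SAMPLE):
        print(f"{who:10} {verdict:13} {', '.join(cmds)}")
```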

Return to Note to new Linux users: No antivirus needed