Bug#474024: malicious applications can print text over gksu window
Timo Juhani Lindfors
timo.lindfors at iki.fi
Sat May 16 13:14:41 UTC 2009
Gustavo Noronha <kov at debian.org> writes:
> able to read the password by eavesdropping the X connection. However,
> this is ineffective against malicious applications that use ptrace() to
> capture the password. See http://bugs.debian.org/474024 for more info.
Doesn't this give the wrong impression? Somebody might disable ptrace
from their system and think they are safe?
In reality also ltrace (using LD_PRELOAD) can capture the password.
More information about the pkg-gnome-maintainers
mailing list