The only way to avoid this class of exploit is to entirely separate adminstration and desktop work to two distinct users and X servers. As soon as you introduce *any* method of gaining administration rights into a user desktop session, you automatically open up the possibility or running trojans which can use the very same method.
Thus this is by no way a specific vulnerability of gksu, sudo, X.org, or a bug in the current implementation, it's a general property of such systems. But separating them entirely would be way too unusable. The bottom line is that you simply shouldn't run Trojan horses. :) ** Changed in: gksu (Ubuntu) Status: New => Invalid -- Malicious program run as user can compromise system https://bugs.launchpad.net/bugs/93964 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs