When I log in, openbox starts and it lasts a bit until conky, background and the taskbar are loaded.
In this time you are able to get root access by running for example "gksudo thunar".
Then gksudo doesn't ask for a password.
Last edited by bp (2013-01-06 10:49:07)
^ I think k40s means that, during that brief period while Conky and Tint2 are loading, gksudo can launch applications as root without an initial dialog requesting the sudoers password. If this is indeed the case, then I think this does represent a vulnerability that can potentially be exploited by malicious software.