Posts: 80
Rademes
Joined: 26 Dec 2016
#1
Good day.
I had to launch ROX-Filer as root using [Alt+F2] to change some gtk-3.0 settings. Since then, ROX-Filer can be launched as root without asking for a password, even after logout, reboot, or shutdown. Other applications ask for a password before launching, but ROX-Filer does not. Please watch the video:

https://files.inbox.lv/ticket/6f02f1fe0886f14414f6a1705008284f5e5b4e82/ROX_Security_Bug.mp4

How can I make it launch as root normally, only after entering the correct password?
Last edited by Rademes on 24 Jan 2017, 10:28, edited 3 times in total.
Posts: 64
reverseDog
Joined: 13 Jul 2016
#2
Ha, I never noticed this before: antiX's sudoers configuration indeed allows the user to run "rox" as root without being prompted for a password.
To change this, comment out the line

%users ALL=(root) NOPASSWD: /usr/bin/rox
in file /etc/sudoers.d/antixers (by adding character # to the start of the line).
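
The edit described in post #2, generalised to auditing a sudoers drop-in for every active NOPASSWD rule before disabling one. This is an added example, not part of the original posts or antiX's own tooling; the function names are hypothetical and the sample file is constructed, with only the /usr/bin/rox rule taken from the thread.

```shell
#!/bin/sh
# Added example. The sample file is constructed; only the /usr/bin/rox rule
# comes from the thread. The function names are hypothetical helpers.

# Print active (uncommented) rules carrying the NOPASSWD tag; exit 1 if none.
list_nopasswd() {
    grep -E '^[[:space:]]*[^#[:space:]].*NOPASSWD[[:space:]]*:' "$1"
}

# Comment out active rules in file $1 whose only NOPASSWD command is exactly $2.
disable_nopasswd() {
    file=$1 cmd=$2
    tmp=$(mktemp) || return 1
    awk -v cmd="$cmd" '
        /^[ \t]*#/ { print; next }                  # already a comment
        /NOPASSWD[ \t]*:/ {
            rest = $0
            sub(/.*NOPASSWD[ \t]*:[ \t]*/, "", rest)
            sub(/[ \t]+$/, "", rest)
            if (rest == cmd) { print "#" $0; next } # exact match only
        }
        { print }' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Syntax-check the edited copy before it replaces the file (if visudo exists).
    if command -v visudo >/dev/null 2>&1 && ! visudo -cf "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"; return 1
    fi
    cat "$tmp" > "$file" && rm -f "$tmp"            # cat keeps owner and mode
}

# Constructed stand-in for /etc/sudoers.d/antixers.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample drop-in
%users ALL=(root) NOPASSWD: /usr/bin/rox
%users ALL=(root) NOPASSWD: /usr/local/bin/example-tool
%sudo ALL=(ALL:ALL) ALL
EOF
}

demo=$(mktemp) && make_sample "$demo"
echo "before:"; list_nopasswd "$demo"
disable_nopasswd "$demo" /usr/bin/rox
echo "after:";  list_nopasswd "$demo"
rm -f "$demo"
```

On a live system the same edit can be made interactively with `visudo -f /etc/sudoers.d/antixers`, which refuses to save a file that fails the syntax check.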
Posts: 80
Rademes
Joined: 26 Dec 2016
#3
I have to ask, is there any good reason to allow everyone to run the ROX file manager as root?
I think this should be fixed, as it is a big security breach! Everyone can delete system files and modify their permissions.
anticapitalista
Posts: 5,955
Site Admin
Joined: 11 Sep 2007
#4
Fixed in next update of antix-libs. User will need to answer Y(yes) to the question re antixers file.