Whenever I put the root password into xfce Pol kit, I can run other root programs for about 10 seconds after the first Pol Kit prompt without having to enter root's password again. This give me the creeps.
For instance qemu-kvm's "virt-manager" pops a xfce pol kit prompt but flies right through if I have enter the pol kits root password somewhere else within the last 10 seconds.
Please fix. This is pretty big security hole.
xfce-polkit is not an official component, you should report at https://github.com/ncopa/xfce-polkit
That I did not know.
Thank you for the link! It make it really easy to report.
xfce pol kit lets others sneak in: