Originally Posted by geekmaster
If you execute an arbitrary command from the search bar (using the same "semi-colon" hack), it runs as user "framework", which is worse than nobody. The only place it can write is to its own subdirectory on /tmp/. About the only thing it is good for is viewing the shadow file so you can crack it with "john the ripper". None of the "usual" privilege escalation methods worked, so I was not able to gain root access from the search bar.
So, I am surprised that this lipc command runs things as root.
That is what was reported.
But do not take my post as an indication that I confirmed the report.
Some additional confirmation would be nice to see from other users.