I've developed Thunar custom actions that provide "Open root terminal here" and "vi as root" but am concerned about security.
At the core of the mechanism, a non-root Thunar user writes a temporary file and then starts a terminal emulator which runs su - and (after su authentication) executes bash with --rcfile <temporary file>. Thus root executes commands in the temporary file which is writeable by a non-root user.
The temporary file is exposed for as long as it takes to create and populate it and for the user to enter root's password and press Enter plus authentication and bash startup time. To mitigate the risk the temporary file is created using /usr/bin/mktemp so has a randomised name and 600 permissions.
Would it be possible for a non-root user that had been able to assume the user's credentials (a better word?) to detect the file creation (inotify or otherwise?) and thus modify the file and have arbitrary commands executed as root? If so can this be solved?