Security problems with sudo
Thiago Macieira
thiago at kde.org
Sun May 17 23:11:59 BST 2009
John Tapsell wrote:
>> This case would be no different then an ugly dialog box saying "I'm a
>> virus, please type your root password now" and the user doing it.
>
>Right. So how do we prevent that? It would be easy to trick even the
>most experienced developer. It could simply wait until kdesu is run
>then popup a dialog box on the top of it, looking exactly the same.
You prevent by closing the breaches by which unauthorised code would
execute in the first place. Once it's running, it's very hard to contain
it.
>> SAK wouldn't work here. If you're ssh'ing to root on a remote machine,
>> how is that remote machine going to grab your keyboard?
>
>Note sure what you mean here
I mean: "when you think about protecting your local system, think also how
you can protect the other machine you ssh into"
Any solution I've seen so far for tackling the local problem completely
ignores ssh'ing to remote machines.
--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
PGP/GPG: 0x6EF45358; fingerprint:
E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20090518/d72b44a8/attachment.sig>
More information about the kde-core-devel
mailing list