kdesudo

Pau Garcia i Quiles pgquiles at elpauer.org
Mon Feb 23 08:46:59 GMT 2009


On Mon, Feb 23, 2009 at 6:34 AM, John Tapsell <johnflux at gmail.com> wrote:
> A point brought up during the whole .desktop security problem, is
> kdesudo.  It only prompts for the password once, and then from then on
> (for next X minutes), doesn't ask for the password again.
>
> So a program that wants to become root only has to wait until kdesudo
> has been run normally, and then can run kdesudo itself, elevating
> itself to root without the user knowing.
>
>
> Is there anything that we can do to make this more secure?
>
> What's the actual use case for why we remember the password?

IIRC, "we" do not remember the password. Kdesudo is just a wrapper
around sudo, and it's sudo the one to blame for remembering the
password. From 'man sudo':

"Once a user has been authenticated, a timestamp is updated and the
user may then use sudo without a password for a short period of time
(15 minutes unless overridden in sudoers)."

I only know 2 ways to avoid sudo remembering the password:

- Edit /etc/sudoers and add "timestamp_timeout=0" for the user. Not an
option for kdesudo.
- Running 'sudo -k' or 'sudo -K' (they are slightly different) right
after running the command kdesudo was told to run. But what happens if
the user tries to run 'kdesudo mv /usr/bin/sudo /usr/bin/sudohack' ?
No 'sudo -k' would be run, so credentials are still available to
'sudohack'.

-- 
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)




More information about the kde-core-devel mailing list