kdesudo

John Tapsell johnflux at gmail.com
Tue Feb 24 02:39:10 GMT 2009


2009/2/23 Parker Coates <parker.coates at gmail.com>:
> On Mon, Feb 23, 2009 at 17:22, Thomas Lübking wrote:
>> Am Monday 23 February 2009 schrieb Alex Merry:
>>> On Monday 23 February 2009 05:34:26 John Tapsell wrote:
>>> > A point brought up during the whole .desktop security problem, is
>>> > kdesudo. It only prompts for the password once, and then from then on
>>> > (for next X minutes), doesn't ask for the password again.
>>> >
>>> > So a program that wants to become root only has to wait until kdesudo
>>> > has been run normally, and then can run kdesudo itself, elevating
>>> > itself to root without the user knowing.
>>>
>>> This is a general problem with sudo. Even if we worked around it in
>>> kdesudo, an application could still call sudo directly after such an
>>> event,
>>> unless the sudoers file sets the timeout to 0, as Pau mentioned.
>>
>> isn't sudo somehow shellwise restricted (i.e. if you e.g. sudo from one
>> bash, you cannot sudo from another w/o re-entering the password)
>
> By default yes, but sudo can be configured to save the password across shells.
>
> Really, I don't think this is KDE's problem. sudo works the way it was
> designed to work. KDE shouldn't be trying to adjust that behaviour.
> Its security is largely dependent on its configuration, but that's the
> distro's or the user's call, not KDE's.
>
> Parker

I have talked to the sudo developers, and they have suggested that
they overload the -k option to allow you to specify -k to sudo.  The
effect would be to neither read nor update the timeout value.

So it seems that future version of sudo will support this.

Trouble is, we would need to detect the version sudo to know whether
to pass -k or not :-/  Or maybe just try with -k and if that fails
retry without -k..

John




More information about the kde-core-devel mailing list