Security problems with sudo

Thiago Macieira thiago at kde.org
Sun May 17 13:40:40 BST 2009


John Tapsell wrote:
>2009/5/17 Thiago Macieira <thiago at kde.org>:
>> John Tapsell wrote:
>>>  Now the question is..  is there any way to protect against this?
>>
>> No. If your environment is already infected, your use of sudo gives
>> the privilege elevation.
>>
>> If you want to protect against that, don't elevate privileges using
>> sudo. Use ssh -Y.
>
>How would that work?  If you run ssh locally, you have the same
>problems.  A program could simply run a key logger.  If you run
>remotely but ssh in as the user first, then you have the same problem.
> If you run remotely and ssh in directly as root, then that goes
>against the usual restriction to prevent remote root login.

I think ssh-askpass grabs the keyboard, which means it won't work if 
something else grabbed the keyboard.

-- 
  Thiago Macieira  -  thiago (AT) macieira.info - thiago (AT) kde.org
    PGP/GPG: 0x6EF45358; fingerprint:
    E067 918B B660 DBD1 105C  966C 33F5 F005 6EF4 5358

More information about the kde-core-devel mailing list