Security problems with sudo

John Tapsell johnflux at gmail.com
Sun May 17 15:52:17 BST 2009


2009/5/17 Thiago Macieira <thiago at kde.org>:
> John Tapsell wrote:
>>So create an ssh binary as well in the home directory :-D
>
> If you run infected programs, it's your own fault.

Just so we are talking about the same thing:

The user becomes infected by a virus, somehow.  This virus has normal
user privillages. It installs a few trojans, including a trojan ssh,
sudo etc programs in home and sets path.  It's purpose is to escalate
its privillages.

Question is - is there anything that can be done to prevent this
trojan from becomming root?

> This case would be no different then an ugly dialog box saying "I'm a
> virus, please type your root password now" and the user doing it.

Right.  So how do we prevent that?  It would be easy to trick even the
most experienced developer. It could simply wait until kdesu is run
then popup a dialog box on the top of it, looking exactly the same.

> SAK wouldn't work here. If you're ssh'ing to root on a remote machine, how
> is that remote machine going to grab your keyboard?

Note sure what you mean here

> --
>  Thiago Macieira  -  thiago (AT) macieira.info - thiago (AT) kde.org
>    PGP/GPG: 0x6EF45358; fingerprint:
>    E067 918B B660 DBD1 105C  966C 33F5 F005 6EF4 5358
>




More information about the kde-core-devel mailing list