Security problems with sudo

Martin T. Sandsmark sandsmark at samfundet.no
Sun May 17 11:52:57 BST 2009


On Sunday 17. May 2009 12:39:31 John Tapsell wrote:
>   Can this be solved at all?

If people have enough access to your account to be able to install and run 
such a script, and you use sudo, you're fscked. What if they instead just 
change your path, so their own version of sudo/kdesu gets used instead? Or 
LD_PRELOAD in their own library, that saves your password somewhere handy, or 
similar.

The best solution is probably to not use sudo (no wai!), and instead fix the 
PolicyKit integration, so users don't need to run things as root themselves.

-- 
martin t. sandsmark
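
An added example, not part of the original message: a defender-side check for the two tricks mentioned above. It flags a set LD_PRELOAD and walks PATH the way the shell does, reporting directories a non-root user can write to and a first `sudo` match that is not a root-owned setuid binary. The function name and finding labels are assumptions made for this example.

```python
import os
import stat


def audit_sudo_resolution(env, name="sudo"):
    """Return (kind, detail) findings for how `name` resolves under `env`."""
    findings = []
    # A preloaded library is mapped into ordinary (non-setuid) programs the
    # user starts, such as the shell or a graphical password prompt.
    if env.get("LD_PRELOAD"):
        findings.append(("preload", env["LD_PRELOAD"]))

    for entry in env.get("PATH", "").split(os.pathsep):
        directory = entry or "."  # an empty PATH entry means the current directory
        try:
            dir_stat = os.stat(directory)
        except OSError:
            continue  # missing or unreadable entries are skipped by the shell too
        if not stat.S_ISDIR(dir_stat.st_mode):
            continue
        # Anyone who can write here can drop a file called `sudo` that is
        # found before the real one.
        if dir_stat.st_uid != 0 or dir_stat.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(("writable-dir", directory))
        candidate = os.path.join(directory, name)
        if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
            cand_stat = os.stat(candidate)
            # The genuine sudo is owned by root and carries the setuid bit.
            if cand_stat.st_uid != 0 or not cand_stat.st_mode & stat.S_ISUID:
                findings.append(("untrusted-binary", candidate))
            break  # first match wins; later PATH entries are never consulted
    return findings


if __name__ == "__main__":
    # Audit the environment of the current session.
    for kind, detail in audit_sudo_resolution(dict(os.environ)):
        print(f"{kind}: {detail}")
```

An empty result only means this session's PATH and LD_PRELOAD look sane; it says nothing about shell start-up files that may change them at the next login.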






More information about the kde-core-devel mailing list