Security problems with sudo
Martin T. Sandsmark
sandsmark at samfundet.no
Sun May 17 11:52:57 BST 2009
On Sunday 17. May 2009 12:39:31 John Tapsell wrote:
> Can this be solved at all?
If people have enough access to your account to be able to install and run
such a script, and you use sudo, you're fscked. What if they instead just
change your path, so their own version of sudo/kdesu gets used instead? Or
LD_PRELOAD in their own library, that saves your password somewhere handy, or
similar.
The best solution is probably to not use sudo (no wai!), and instead fix the
PolicyKit integration, so users don't need to run things as root themselves.
--
martin t. sandsmark
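
A defensive check for the PATH case mentioned in the message above, as an added example that is not part of the original post: it lists every directory the shell consults before `sudo` resolves and flags those a non-root account could write to. The names `audit_lookup`, `untrusted_reason` and `TRUSTED_UID`, and the trust rule itself (absolute path, owned by root, not group- or world-writable), are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit which PATH directories are consulted before "sudo" resolves.
# Assumption: a directory is trusted only if it is an absolute path, owned by
# TRUSTED_UID (root by default) and not group- or world-writable.
TRUSTED_UID=${TRUSTED_UID:-0}

# Print why PATH entry $1 is untrusted and return 0; return 1 if it looks fine.
untrusted_reason() {
    case $1 in
        /*) ;;
        *) echo "relative or empty entry, resolved against the current directory"
           return 0 ;;
    esac
    [ -d "$1" ] || return 1   # nonexistent entries are skipped, not flagged
    # -L follows symlinks such as /bin -> /usr/bin; -n prints the numeric owner.
    ls -ldnL "$1" | awk -v uid="$TRUSTED_UID" '
        NR == 1 {
            if (substr($1, 6, 1) == "w" || substr($1, 9, 1) == "w") {
                print "group- or world-writable"; bad = 1
            } else if ($3 != uid) {
                print "owned by uid " $3; bad = 1
            }
        }
        END { exit !bad }'
}

# Walk PATH ($2, default $PATH) in lookup order, up to and including the first
# directory holding an executable named $1. Print one line per untrusted
# directory on the way; return 0 only if there was none.
audit_lookup() {
    cmd=$1 path=${2-$PATH} findings=0
    old_ifs=$IFS; IFS=:; set -f
    set -- ${path}:           # the extra ":" preserves a trailing empty entry
    set +f; IFS=$old_ifs
    for dir in "$@"; do
        if reason=$(untrusted_reason "$dir"); then
            echo "UNTRUSTED ${dir:-<empty>}: $reason"
            findings=$((findings + 1))
        fi
        [ -x "${dir:-.}/$cmd" ] && [ ! -d "${dir:-.}/$cmd" ] && break
    done
    [ "$findings" -eq 0 ]
}

audit_lookup "${1:-sudo}" && echo "${1:-sudo}: only trusted directories searched"
[ -z "${LD_PRELOAD:-}" ] || echo "LD_PRELOAD is set in this shell: $LD_PRELOAD"
```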