Security problems with sudo
John Tapsell
johnflux at gmail.com
Mon May 18 10:04:24 BST 2009
2009/5/17 Martin T. Sandsmark <sandsmark at samfundet.no>:
> On Sunday 17. May 2009 12:39:31 John Tapsell wrote:
>> Can this be solved at all?
>
> If people have enough access to your account to be able to install and run
> such a script, and you use sudo, you're fscked. What if they instead just
> change your path, so their own version of sudo/kdesu gets used instead? Or
> LD_PRELOAD in their own library, that saves your password somewhere handy, or
> similar.
Right
> The best solution is probably to not use sudo (no wai!), and instead fix the
> PolicyKit integration, so users don't need to run things as root themselves.
How does PolicyKit get round all the problems you just mentioned?
John
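
The following is an added example, not part of the original thread: a defensive check for the two vectors named in the quoted reply, a PATH entry that lets a substitute sudo/kdesu be found first and a loader variable such as LD_PRELOAD in the session environment. The function names, the list of loader variables and the `trusted_uids` parameter are assumptions made for this illustration.

```python
import os
import stat

# Dynamic-loader variables that inject code into non-setuid programs (assumed list).
LOADER_VARS = ("LD_PRELOAD", "LD_LIBRARY_PATH", "LD_AUDIT")

def untrusted(path, trusted_uids):
    """Return a reason if `path` can be modified by an untrusted account, else None."""
    st = os.stat(path)
    if st.st_uid not in trusted_uids:
        return f"owned by uid {st.st_uid}"
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return "group- or world-writable"
    return None

def audit_command(name, env, trusted_uids=(0,)):
    """Walk PATH in shell order; return (path that would run, list of findings)."""
    findings = [f"{var} is set: {env[var]}" for var in LOADER_VARS if env.get(var)]
    resolved = None
    for entry in env.get("PATH", os.defpath).split(os.pathsep):
        if not os.path.isabs(entry):
            # An empty entry means the current directory to the shell.
            findings.append(f"relative or empty PATH entry {entry!r}")
            continue
        if not os.path.isdir(entry):
            continue
        reason = untrusted(entry, trusted_uids)
        if reason:
            findings.append(f"{entry} is searched for {name} and is {reason}")
        candidate = os.path.join(entry, name)
        if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
            resolved = candidate
            reason = untrusted(candidate, trusted_uids)
            if reason:
                findings.append(f"{candidate} would run and is {reason}")
            break  # the shell stops at the first match
    return resolved, findings

if __name__ == "__main__":
    for cmd in ("sudo", "kdesu"):
        path, problems = audit_command(cmd, os.environ)
        print(cmd, "->", path)
        for problem in problems:
            print("  WARNING:", problem)
```

It reports only these two conditions for the environment it is run in; a clean result says nothing about other changes made to the account.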
More information about the kde-core-devel
mailing list