Security problems with sudo
Oswald Buddenhagen
ossi at kde.org
Mon May 18 11:29:49 BST 2009
On Mon, May 18, 2009 at 12:11:59AM +0200, Thiago Macieira wrote:
> John Tapsell wrote:
> >> This case would be no different than an ugly dialog box saying "I'm a
> >> virus, please type your root password now" and the user doing it.
> >
> >Right. So how do we prevent that? It would be easy to trick even the
> >most experienced developer. It could simply wait until kdesu is run
> >then pop up a dialog box on the top of it, looking exactly the same.
>
> You prevent it by closing the breaches by which unauthorised code would
> execute in the first place.
>
that's a nice idea, but far from reality.
> Once it's running, it's very hard to contain it.
>
containment is a basic principle of computer security, simply because it
is the best you can get. that's why we are discussing it now.
More information about the kde-core-devel mailing list