[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: kdesudo
From:       Pau Garcia i Quiles <pgquiles () elpauer ! org>
Date:       2009-02-23 8:46:59
Message-ID: 3af572ac0902230046v5c2587cdh27fc512ca36ec9f4 () mail ! gmail ! com
[Download RAW message or body]

On Mon, Feb 23, 2009 at 6:34 AM, John Tapsell <johnflux@gmail.com> wrote:
> A point brought up during the whole .desktop security problem, is
> kdesudo.  It only prompts for the password once, and then from then on
> (for next X minutes), doesn't ask for the password again.
>
> So a program that wants to become root only has to wait until kdesudo
> has been run normally, and then can run kdesudo itself, elevating
> itself to root without the user knowing.
>
>
> Is there anything that we can do to make this more secure?
>
> What's the actual use case for why we remember the password?

IIRC, "we" do not remember the password. Kdesudo is just a wrapper
around sudo, and it's sudo the one to blame for remembering the
password. From 'man sudo':

"Once a user has been authenticated, a timestamp is updated and the
user may then use sudo without a password for a short period of time
(15 minutes unless overridden in sudoers)."

I only know 2 ways to avoid sudo remembering the password:

- Edit /etc/sudoers and add "timestamp_timeout=0" for the user. Not an
option for kdesudo.
- Running 'sudo -k' or 'sudo -K' (they are slightly different) right
after running the command kdesudo was told to run. But what happens if
the user tries to run 'kdesudo mv /usr/bin/sudo /usr/bin/sudohack' ?
No 'sudo -k' would be run, so credentials are still available to
'sudohack'.

-- 
Pau Garcia i Quiles
http://www.elpauer.org
(Due to my workload, I may need 10 days to answer)
[prev in list] [next in list] [prev in thread] [next in thread]