From kde-core-devel Mon Feb 23 22:23:35 2009
From: Thiago Macieira
Date: Mon, 23 Feb 2009 22:23:35 +0000
To: kde-core-devel
Subject: Re: kdesudo
Message-Id: <200902232323.35969.thiago () kde ! org>
X-MARC-Message: https://marc.info/?l=kde-core-devel&m=123542787702993

Alex Merry wrote:
>On Monday 23 February 2009 05:34:26 John Tapsell wrote:
>> A point brought up during the whole .desktop security problem, is
>> kdesudo. It only prompts for the password once, and then from then on
>> (for next X minutes), doesn't ask for the password again.
>>
>> So a program that wants to become root only has to wait until kdesudo
>> has been run normally, and then can run kdesudo itself, elevating
>> itself to root without the user knowing.
>
>This is a general problem with sudo. Even if we worked around it in
> kdesudo, an application could still call sudo directly after such an
> event, unless the sudoers file sets the timeout to 0, as Pau mentioned.

In other words, the moment that the trojan is executing, you're already
compromised.

We have to protect against the point of entry. And the user shouldn't use
superuser more than strictly necessary.

-- 
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
PGP/GPG: 0x6EF45358; fingerprint:
E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358
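
The sudoers timeout of 0 mentioned in the quoted reply can be checked mechanically. The following is an added example, not part of the original thread and not code from kdesudo or sudo: it reads sudoers text and reports every scope where a cached credential can still be reused without a new prompt. Assumptions: a 5-minute built-in default, hypothetical function names, simplified comment handling, include files are not followed, and the sample inputs are constructed.

```python
import re

# Assumption: 5 minutes is upstream sudo's built-in default; distributions may
# compile in a different value, so pass the real one if you know it.
ASSUMED_DEFAULT_MINUTES = 5.0

DEFAULTS = re.compile(r"^Defaults(?P<scope>[:@>!]\s*\S+)?\s+(?P<body>.*)$")
SETTING = re.compile(r"\btimestamp_timeout\s*=\s*\"?(-?\d+(?:\.\d+)?)")

def logical_lines(text):
    """Join backslash continuations and drop comments (simplified handling)."""
    pending = ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):
            pending = line[:-1] + " "
            continue
        pending = ""
        line = re.sub(r"(^|\s)#.*$", "", line).strip()
        if line:
            yield line

def timestamp_timeouts(text, default=ASSUMED_DEFAULT_MINUTES):
    """Return {scope: minutes}; '*' is the global value, the last setting wins."""
    result = {"*": default}
    for line in logical_lines(text):
        m = DEFAULTS.match(line)
        if not m:
            continue
        scope = (m.group("scope") or "*").replace(" ", "")
        for value in SETTING.findall(m.group("body")):
            result[scope] = float(value)
    return result

def caching_enabled(text, default=ASSUMED_DEFAULT_MINUTES):
    """Scopes where sudo will not re-prompt for some period.
    0 means always prompt; a negative value means the timestamp never expires."""
    return {s: v for s, v in timestamp_timeouts(text, default).items() if v != 0}

# Constructed sample inputs, not taken from any real system.
SAMPLE_STOCK = "Defaults env_reset\nroot ALL=(ALL:ALL) ALL\n"
SAMPLE_HARDENED = """\
# constructed sample
Defaults env_reset, \\
         timestamp_timeout=0
Defaults:alice timestamp_timeout=-1
"""

if __name__ == "__main__":
    for name, text in (("stock", SAMPLE_STOCK), ("hardened", SAMPLE_HARDENED)):
        print(name, caching_enabled(text) or "no credential caching")
```
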