[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-core-devel
Subject: Re: kdesudo
From: John Tapsell <johnflux () gmail ! com>
Date: 2009-03-12 14:23:07
Message-ID: 43d8ce650903120723sc68ad85u5f5d0d8a1a97e0f9 () mail ! gmail ! com
[Download RAW message or body]
2009/2/24 John Tapsell <johnflux@gmail.com>:
> 2009/2/23 Parker Coates <parker.coates@gmail.com>:
>> On Mon, Feb 23, 2009 at 17:22, Thomas Lübking wrote:
>>> Am Monday 23 February 2009 schrieb Alex Merry:
>>>> On Monday 23 February 2009 05:34:26 John Tapsell wrote:
>>>> > A point brought up during the whole .desktop security problem, is
>>>> > kdesudo. It only prompts for the password once, and then from then on
>>>> > (for next X minutes), doesn't ask for the password again.
>>>> >
>>>> > So a program that wants to become root only has to wait until kdesudo
>>>> > has been run normally, and then can run kdesudo itself, elevating
>>>> > itself to root without the user knowing.
>>>>
>>>> This is a general problem with sudo. Even if we worked around it in
>>>> kdesudo, an application could still call sudo directly after such an
>>>> event,
>>>> unless the sudoers file sets the timeout to 0, as Pau mentioned.
>>>
>>> isn't sudo somehow shellwise restricted (i.e. if you e.g. sudo from one
>>> bash, you cannot sudo from another w/o re-entering the password)
>>
>> By default yes, but sudo can be configured to save the password across shells.
>>
>> Really, I don't think this is KDE's problem. sudo works the way it was
>> designed to work. KDE shouldn't be trying to adjust that behaviour.
>> Its security is largely dependent on its configuration, but that's the
>> distro's or the user's call, not KDE's.
>>
>> Parker
>
> I have talked to the sudo developers, and they have suggested that
> they overload the -k option to allow you to specify -k to sudo. The
> effect would be to neither read nor update the timeout value.
>
> So it seems that future version of sudo will support this.
>
> Trouble is, we would need to detect the version sudo to know whether
> to pass -k or not :-/ Or maybe just try with -k and if that fails
> retry without -k..
Woohoo, this is now in sudo.
From sudo version 1.7.1 there is now a -k option to ignore the
timestamp. (http://www.gratisoft.us/bugzilla/show_bug.cgi?id=201 )
The ball is now in our court to actually take advantage of this flag.
John Tapsell
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic