
List:       kde-core-devel
Subject:    Re: kdesudo
From:       Ingo Klöcker <kloecker () kde ! org>
Date:       2009-04-30 19:55:33
Message-ID: 200904302155.33711 () thufir ! ingo-kloecker ! de


On Thursday 30 April 2009, John Tapsell wrote:
> 2009/4/30 Modestas Vainius <modestas@vainius.eu>:
> > Hello,
> >
> > On 2009 m. April 30 d., Thursday 10:52:00 John Tapsell wrote:
> >> Can you give a "user story" for this? A typical use case?
> >
> > I think you are exaggerating the importance of root on a typical
> > desktop machine. A typical user is not going to use root frequently,
> > so the probability of infecting the system and infecting it within
> > 15 minutes of the last sudo run is very small.
>
> A malicious program simply needs to wait in the background until the
> user has entered the root password.  Then it can elevate its
> privileges to root.  The system doesn't need to be infected during
> the 15 minutes, but at _any_ time previously.

A malicious program simply needs to "replace" kdesudo.

If your user account is owned, then anything you do can (and probably 
will) be controlled and, if possible, used to get root privileges. The 
change you propose for kdesudo might give you a warm fuzzy feeling, but 
this feeling is a false sense of security. It will not increase the 
security of your system by a single bit.

If you don't do so already, then I suggest reading Bruce Schneier's blog 
every once in a while.


Regards,
Ingo
