[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: Security problems with sudo
From:       Thiago Macieira <thiago () kde ! org>
Date:       2009-05-17 13:42:36
Message-ID: 200905171542.43973.thiago () kde ! org
[Download RAW message or body]


John Tapsell wrote:
>2009/5/17 Thiago Macieira <thiago@kde.org>:
>> John Tapsell wrote:
>>>2009/5/17 Thiago Macieira <thiago@kde.org>:
>>>> John Tapsell wrote:
>>>>>  Now the question is..  is there any way to protected against this?
>>>>
>>>> No. If your environment is already infected, your using of sudo
>>>> gives the privilege elevation.
>>>>
>>>> If you want to protect against that, don't elevate privileges using
>>>> sudo. Use ssh -Y.
>>>
>>>How would that work?  If you run ssh locally, you have the same
>>>problems.  A program could simply run a key logger.  If you run
>>>remotely but ssh in as the user first, then you have the same problem.
>>> If you run remotely and ssh in directly as root, then that goes
>>>against the usual restriction to prevent remote root login.
>>
>> I think ssh-askpass grabs the keyboard, which means it won't work if
>> something else grabbed the keyboard.
>
>Okay so the evil problem simply supplies their own ssh-askpass
>program, installed to the users home directory, and modifies .bashrc
>to add that directory to the front of the path.

I think ssh is a bit more intelligent than that.

-- 
  Thiago Macieira  -  thiago (AT) macieira.info - thiago (AT) kde.org
    PGP/GPG: 0x6EF45358; fingerprint:
    E067 918B B660 DBD1 105C  966C 33F5 F005 6EF4 5358

["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]