[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: kdesu in KRASH
From:       Dawit Alemayehu <adawit () earthlink ! net>
Date:       1999-09-23 2:07:00
[Download RAW message or body]

On Wed, 22 Sep 1999, David Faure wrote:
> On Wed, Sep 22, 1999 at 08:00:22PM +0200, Geert Jansen wrote:
> > Hiya,
> > 
> > I'd like to advocate for inclusion of kdesu in the KRASH release.
> > 
> > KDE su features:
> > 
> >     * graphical password dialog
> >     * automatic X authentication
> >     * (rather) secure password keeping
> > 
> > It is currently tested on:
> > 
> >     * Linux (w & w/o glibc 2.1, PAM, unix98 pty's)
> >     * Solaris 7 (intel)
> >   
> > Different scenarios are possible:
> > 
> > 1) All the way.
> > KDE su gets included in kdebase and all things requiring root priviliges
> > (kdm setup, kfm su, kvt su, ...) are called through kdesu.
> > 
> > 2) Not all the way.
> > KDE su in kdeuitls. It installs a new kfm su and kvt su .desktop entry.
> > 
> > IMHO 1) would be the best because we're making a graphical desktop here
> > and KDE su fits into this phylosophy.
> > 
> > KDE su can be found in kdenonbeta. If the password keeping feature worries 
> > people, we could disable it by default. 
> > 
> > Please comment!
> 
> Oh yes I love that.
> I really didn't want to reimplement kfmsu & kfmsu2 in konqueror.
> I vote for 1) :)
> 
> 
> Perhaps you can comment on the following bug report I got recently, and which
> is very related :
> 
> Package: kfm
> Version: 1.1.2
>  
> kfmsu2 calls "xhost +local:", which is insecure.
>  
> I suggest setting the XAUTHORITY environment for root to that of the user's to
> securely give root access to the display:
>  
> Remove "xhost +local:" and change su:
>  
> su - root -c "XAUTHORITY=$HOME/.Xauthority; DISPLAY=$DISPLAY; \
>     export XAUTHORITY DISPLAY; $kfm -sw >/dev/null"
>  
> I am using both Debian Slink and Redhat 6.0 with updates.  

Just out of curiousity ... Does anyone know in what sense the current kfmsu2
script is insecure i.e. what its vulernability is ?  The xhost man page states

"In the case of hosts, this provides a rudimentary form of privacy  control 
and security.  It is only sufficient for a workstation (single user)
environment, although it does limit the worst abuses.  Environments which
require more sophisticated  measures  should  implement the user-based
mechanism or use the hooks in the protocol for passing other authentication
data to the server."

Cheers,
Dawit A.

[prev in list] [next in list] [prev in thread] [next in thread]