[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-core-devel
Subject: Re: Security problems with kdesud
From: Matthias Hoelzer-Kluepfel <mhk () caldera ! de>
Date: 2001-01-09 8:38:37
[Download RAW message or body]
On Tue, 9 Jan 2001, Thomas wrote:
> > kdesud has a rather big security problem as noted last week on kde-cvs.
> >
> > An attacker with an account on the system can create a /tmp/kdesud_<pid>_:0
> > socket and wait for the user with <pid> to use kdesu to run a program as
> > root. When the user selects 'Keep Password' the root password will be send
> > to the attacker.
>
> What about simply unlinking it before you create a new one?
The you have another security problem, known as "/tmp race".
The attacker simply creates the socket in a loop, hoping that
his process will be scheduled between the time kdesud unlinks
and creates the new socket. Works better than one would think,
unfortunately.
Bye,
Matthias.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic