[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: kdesu sgid nogroup?
From:       Waldo Bastian <bastian () kde ! org>
Date:       2001-01-21 22:56:39
[Download RAW message or body]

On Sunday 21 January 2001 02:01, you wrote:
> > Hi Geert,
> >
> > I noticed that you were alive :-)
>
> Hehe :) Yes I've been very busy with graduating and I don't multitask well.
> In April I will  graduate and after that I want to work on KDE again for
> some time.
>
> > There was some discussion last week or so about kdesu which
> > resulted in some
> > changes. One of the questions was why kdesud is running sgid
> > nogroup? Olaf
> > Kirch suggested that if it is only to prevent core-dumps, it
> > would be easier
> > to use setrlimit() to set the core size to 0.
>
> Noooo...! :) It is absolutely essential for security that kdesud is sgid
> <something>. Plain text passwords are stored in the daemon. We want to
> shield these passwords from everyone, including the user!
>
> The fundamental complaint against password keeping is that you are lowering
> root's security level to that of a normal user. For example, if a user has
> root's password cached, a hacker only needs to compromise this user
> account, in order to get root. Hence, root's security level is lowered to
> that of a normal user.

I see. It would still be lowered of course, because with access to the user's 
account it would be simple to do a man in the middle attack, but it would 
make it harder to retrieve previously entered passwords.

> The solution implemented in kdesu is the client/daemon separation. Clients
> can store a password in the daemon. On request, the daemon will execute the
> associated command. But never the daemon returns a password to the client.
>
> This will only work if there's no other way a user can access the passwords
> in the daemon. This is where the sgid thing is for. It disables external
> access to the daemon, think of ptrace() and /proc/<pid>/.
>
> As I'm not subscribed to the kde lists right now, could you forward this to
> the people involved in the discussion?

I will.

Cheers,
Waldo
-- 
bastian@kde.org | SuSE Labs KDE Developer | bastian@suse.com

[prev in list] [next in list] [prev in thread] [next in thread]