
List:       kde-devel
Subject:    Re: KLineEdit Security
From:       "Martin T. Sandsmark" <sandsmark () samfundet ! no>
Date:       2009-05-21 14:49:00
Message-ID: 200905211649.00940.sandsmark () samfundet ! no

On Thursday 21. May 2009 15:17:21 dantti85-dev@yahoo.com.br wrote:
> The idea is quite simple, when some application requests
> a policy-kit authorization dialog [...]

... And then Mr. BadGuy has made sure to LD_PRELOAD in his own library, that 
neatly logs the right password, but otherwise looks identical.

The only solution I see is to not give the user root at all. And even then 
you're not completely safe (if he's allowed to add repositories or install 
unsigned packages, he will probably be able to run stuff as root anyways).

Anyways, getting root isn't the worst problem on most single-user Linux 
workstations/laptops, since ~everything you care about is writable by your 
user.

-- 
martin t. sandsmark
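
A defender-side check for the scenario in this message, added here as an example and not part of the original post: it reads the environment each process was started with from /proc/<pid>/environ and reports libraries injected through LD_PRELOAD (and the related LD_AUDIT, which goes beyond what the message names). The sample environment and its paths are constructed.

```python
import os
import re

# Variables that make the glibc dynamic linker load extra code into a process.
# LD_PRELOAD is the one named in the message; LD_AUDIT is a close relative.
LOADER_VARS = ("LD_PRELOAD", "LD_AUDIT")


def parse_environ(blob):
    """Parse the NUL-separated KEY=VALUE records of /proc/<pid>/environ."""
    env = {}
    for record in blob.split(b"\0"):
        key, sep, value = record.partition(b"=")
        if key and sep:
            env[key.decode("utf-8", "replace")] = value.decode("utf-8", "replace")
    return env


def injected_libraries(env):
    """Return (variable, library) pairs for every object a loader variable names."""
    found = []
    for var in LOADER_VARS:
        # ld.so accepts spaces or colons between LD_PRELOAD items.
        for item in re.split(r"[ :]+", env.get(var, "")):
            if item:
                found.append((var, item))
    return found


def scan_proc(proc="/proc"):
    """Map pid -> findings for each process whose environ we may read."""
    report = {}
    names = os.listdir(proc) if os.path.isdir(proc) else []
    for name in names:
        if not name.isdigit():
            continue
        try:
            with open(os.path.join(proc, name, "environ"), "rb") as fh:
                hits = injected_libraries(parse_environ(fh.read()))
        except OSError:  # process exited, or owned by another user
            continue
        if hits:
            report[int(name)] = hits
    return report


# Constructed sample: environment of a hypothetical dialog process.
SAMPLE = b"HOME=/home/user\0LD_PRELOAD=/tmp/libhook.so /home/user/.cache/x.so\0DISPLAY=:0\0"

if __name__ == "__main__":
    print(injected_libraries(parse_environ(SAMPLE)))
    for pid, hits in sorted(scan_proc().items()):
        print(pid, hits)
```

Without root, generally only the current user's processes are readable; a preload configured in /etc/ld.so.preload does not appear in any process environment and needs a separate check.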


 