From kde-devel Wed Jan 06 10:59:28 1999 From: Date: Wed, 06 Jan 1999 10:59:28 +0000 To: kde-devel Subject: Re: Konsole - a security vs. portability problem X-MARC-Message: https://marc.info/?l=kde-devel&m=91560642113950 On Wed, 6 Jan 1999, Lars Doelle wrote: > In the moment, konsole offers a security hole that allows local users to > hijack/monitor the (root) sessions. The regular method to protect > against this, is to do a chmod/chown on one of the devices within the > emulation. Doing so would require konsole to be run root/suid, which > raises more severe problems then it solves. Because i strongly dislike > root/suid programs for many reasons, I've digged out an ioctl for Linux > which does as desired, basically for the price of the solution not being > portable to other UNIXes, eventually. > > Comments, anyone? If it isn't protable it isn't a solution. :-( There is a solution: Let konsole run suid root. In main() before you do anything else you pick a pty, chown you.users it, chmod go-rw it. Immediately thereafter you give up root privileges _completely and forever_! You might think you have a problem this way on exit because you can't chown root.root the pty. But that is not necessary!!!! All you must do is chmod go+wr on exit. And that you _can_ do without root privileges! This way you can do all the root stuff before you even touch KDE, Qt, and X. Should be fairly safe. Uwe ------------------------------------------------------------------------- Uwe Thiem Tel: +264 - 061 - 244511 P.O.Box 30955 Fax: +264 - 061 - 244511 Windhoek Email: uwe@uwix.alt.na Republic of Namibia uwe@kde.org http://www.kde.org ********************************** You can still escape from the GATES of hell: Use KDE! -------------------------------------------------------------------------