'Re: Konsole - a security vs. portability problem'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: Konsole - a security vs. portability problem
From:       Lars Doelle <lars.doelle () on-line ! de>
Date:       1999-01-06 14:16:25
[Download RAW message or body]

uwe@uwix.alt.na wrote:

> On Wed, 6 Jan 1999, Lars Doelle wrote:
>
> > In the moment, konsole offers a security hole that allows local users to
> > hijack/monitor the (root) sessions. The regular method to protect
> > against this, is to do a chmod/chown on one of the devices within the
> > emulation. Doing so would require konsole to be run root/suid, which
> > raises more severe problems then it solves. Because i strongly dislike
> > root/suid programs for many reasons, I've digged out an ioctl for Linux
> > which does as desired, basically for the price of the solution not being
> > portable to other UNIXes, eventually.
> >
> > Comments, anyone?
>
> If it isn't protable it isn't a solution. :-(
>
> There is a solution:
>
> Let konsole run suid root.
>
> In main() before you do anything else you pick a pty, chown you.users
> it, chmod go-rw it. Immediately thereafter you give up root privileges
> _completely and forever_!
>

Uwe, it always helps to post problems like this on the list. I wasn't really
aware that i certainly can do that _without_ root priviledges.

But there remain three issues. I'm opening _more_ then one connection
eventually, so i cannot drop the priviledges without droping the "Session"
feature also. Additionally, the concerned administrator of a system may not
grant root/suid privileges to konsole just because someone uses it. As a last
point, i'm not willing to accept the obligation to keep konsole unfailable
during the whole devopment cycle.

>
> You might think you have a problem this way on exit because you can't
> chown root.root the pty. But that is not necessary!!!! All you must do
> is chmod go+wr on exit. And that you _can_ do without root privileges!
>
> This way you can do all the root stuff before you even touch KDE, Qt,
> and X. Should be fairly safe.
>
> Uwe
>
> -------------------------------------------------------------------------
> Uwe Thiem                                        Tel: +264 - 061 - 244511
> P.O.Box 30955                                    Fax: +264 - 061 - 244511
> Windhoek                                         Email:   uwe@uwix.alt.na
> Republic of Namibia                                           uwe@kde.org
>                                                        http://www.kde.org
>                   **********************************
>          You can still escape from the GATES of hell: Use KDE!
> -------------------------------------------------------------------------

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic