
List:       kde-devel
Subject:    Re: Konsole - a security vs. portability problem
From:       <uwe () uwix ! alt ! na>
Date:       1999-01-06 20:35:04

On Wed, 6 Jan 1999, Lars Doelle wrote:

> uwe@uwix.alt.na wrote:
> 
> > On Wed, 6 Jan 1999, Lars Doelle wrote:
> >
> > > At the moment, konsole offers a security hole that allows local users to
> > > hijack/monitor the (root) sessions. The regular method to protect
> > > against this, is to do a chmod/chown on one of the devices within the
> > > emulation. Doing so would require konsole to be run root/suid, which
> > > raises more severe problems than it solves. Because I strongly dislike
> > > root/suid programs for many reasons, I've dug out an ioctl for Linux
> > > which does as desired, basically for the price of the solution not being
> > > portable to other UNIXes, eventually.
> > >
> > > Comments, anyone?
> >
> > If it isn't portable it isn't a solution. :-(
> >
> > There is a solution:
> >
> > Let konsole run suid root.
> >
> > In main() before you do anything else you pick a pty, chown you.users
> > it, chmod go-rw it. Immediately thereafter you give up root privileges
> > _completely and forever_!
> >
> 
> Uwe, it always helps to post problems like this on the list. I wasn't really
> aware that I certainly can do that _without_ root privileges.
> 
> But there remain three issues. I'm opening _more_ than one connection
> eventually, so I cannot drop the privileges without dropping the "Session"
> feature also. Additionally, the concerned administrator of a system may not
> grant root/suid privileges to konsole just because someone uses it. As a last
> point, I'm not willing to accept the obligation to keep konsole unfailable
> during the whole development cycle.

Well, the 'session' feature is a killer argument. On systems where root
privileges are necessary the only secure way I can see is to drop the
sessions feature. I mean those who've chosen an inferior system have to
suffer a bit. ;-)

We have to address all security concerns thoroughly.

Uwe

> 
> >
> > You might think you have a problem this way on exit because you can't
> > chown root.root the pty. But that is not necessary!!!! All you must do
> > is chmod go+wr on exit. And that you _can_ do without root privileges!
> >
> > This way you can do all the root stuff before you even touch KDE, Qt,
> > and X. Should be fairly safe.
> >
> > Uwe
> >
> > -------------------------------------------------------------------------
> > Uwe Thiem                                        Tel: +264 - 061 - 244511
> > P.O.Box 30955                                    Fax: +264 - 061 - 244511
> > Windhoek                                         Email:   uwe@uwix.alt.na
> > Republic of Namibia                                           uwe@kde.org
> >                                                        http://www.kde.org
> >                   **********************************
> >          You can still escape from the GATES of hell: Use KDE!
> > -------------------------------------------------------------------------
> 

-------------------------------------------------------------------------
Uwe Thiem                                        Tel: +264 - 061 - 244511
P.O.Box 30955                                    Fax: +264 - 061 - 244511
Windhoek                                         Email:   uwe@uwix.alt.na
Republic of Namibia                                           uwe@kde.org
                                                       http://www.kde.org
                  **********************************
         You can still escape from the GATES of hell: Use KDE!
-------------------------------------------------------------------------
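
The sequence proposed in the quoted message (restrict the tty as root, drop root for good, chmod go+rw on exit), sketched as an added example that is not part of the original thread and is not Konsole code. The function names and the tty path passed on the command line are assumptions.

```c
/* Added example, not Konsole code. Function names are hypothetical. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Step 1 (needs root): give the tty to the real user and chmod go-rw.
 * fchown/fchmod act on the open descriptor, so the device cannot be
 * swapped for another file between opening it and changing it. */
int secure_tty_fd(int fd, uid_t uid, gid_t gid) {
    struct stat st;
    if (fchown(fd, uid, gid) != 0) return -1;
    if (fchmod(fd, S_IRUSR | S_IWUSR) != 0) return -1;
    if (fstat(fd, &st) != 0) return -1;
    return (st.st_uid == uid && (st.st_mode & 077) == 0) ? 0 : -1;
}

/* Step 2: give up root completely. Group first, because setgid() can
 * fail once the uid is no longer 0. With euid 0, setuid() also resets
 * the saved uid; the final check proves root cannot be regained. */
int drop_privileges_forever(void) {
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    if (setgid(rgid) != 0) return -1;
    if (setuid(ruid) != 0) return -1;
    if (getuid() != ruid || geteuid() != ruid) return -1;
    if (getgid() != rgid || getegid() != rgid) return -1;
    if (ruid != 0 && setuid(0) == 0) return -1; /* root came back: fail */
    return 0;
}

/* Step 3 (on exit, no root needed): the owner may chmod go+rw its own tty. */
int release_tty_fd(int fd) {
    return fchmod(fd, 0666);
}

int main(int argc, char **argv) {
    /* Before touching any GUI library: open, lock down, drop. */
    int fd = argc > 1 ? open(argv[1], O_RDWR | O_NOCTTY) : -1;
    if (fd < 0) { fprintf(stderr, "usage: %s <tty-device>\n", argv[0]); return 2; }
    if (secure_tty_fd(fd, getuid(), getgid()) != 0) { perror("secure_tty_fd"); return 1; }
    if (drop_privileges_forever() != 0) { fputs("privilege drop failed\n", stderr); return 1; }
    /* ... the terminal emulator would run here, unprivileged ... */
    release_tty_fd(fd);
    return close(fd);
}
```

Because the drop is permanent, a second tty opened later cannot be chowned the same way, which is the conflict with the "Session" feature raised in the thread.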
