Problems of a desktop Linux distribution GUI sudo
Tzafrir Cohen
tzafrir at cohens.org.il
Mon Jun 14 13:21:49 IDT 2010
On Mon, Jun 14, 2010 at 02:52:30AM -0700, Elazar Leibovich wrote:
> I think you're missing the very fundamental problem I was discussing.
> Sudo is great, having the default user in the admin group, enabling him to
> sudo everything is even better. But this applies only when working with the
> CLI.
> However, when using a GUI system, and administrating your system using the
> GUI, you're exposing the user to a great threat. When using the CLI no
> software can ask you for input, therefore if you sudo for anything it is
> definitely you who did that. It is very hard to trick the user into sudo'ing
> something he didn't want to.
>
> When the user is administrating his system through the GUI, he will sudo a
> legitimate software by typing his password. It is even worse than that - the
> legitimate software which needs to be sudo'd will ask (by means of the
> taskbar) from time to time the user to leverage its permission by typing
> his password.
> The authentication scheme the user employs in order to recognize who asked
> for permission is only the visual layout of the application. It is very easy
> for an attacker to make his software look like the update manager, and ask
> the user to update his software through the taskbar. If the casual user is
> used to typing his password every time the update manager asks him to update
> his system - he'll do that for hostile software which uses the update
> manager's icon as well. Even experienced users might be tricked, as you're
> having zero visual clue about the software identity.
>
> Sudo here is *not* the problem, it's great. The problem is the
> authentication scheme the GUI sudo version employs in order to recognize
> which software asked for permission. In Windows the authentication scheme
> seems to be through signed executables, in the current version of Ubuntu the
> authentication scheme is zero.

Hmm... if a program managed to get into a position where it can pop up a
prompt, it may also sniff your key-strokes.

It may also present you a false certification dialog. If you're used to
clicking through certification dialogs, you'll easily miss that.

It may also prompt you to update packages, which is quite legitimate,
but then after a minute run 'sudo chmod u+s /bin/bash', while the sudo
credentials are still cached.

--
Tzafrir Cohen | tzafrir at jabber.org | VIM is
http://tzafrir.org.il | | a Mutt's
tzafrir at cohens.org.il | | best
tzafrir at debian.org | | friend
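
Added example, not part of the original message: a detection sketch for the command named in the reply above, scanning sudo's syslog lines for chmod invocations that turn on the setuid or setgid bit. The log lines are constructed, and the function names are hypothetical.

```python
import re
import shlex

# sudo's syslog line: "<user> : TTY=... ; PWD=... ; USER=<target> ; COMMAND=<cmd>"
SUDO_RE = re.compile(
    r"sudo(?:\[\d+\])?:\s+(?P<user>\S+) : .*?USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.+)$"
)

def sets_setid(mode: str) -> bool:
    """True if a chmod mode argument turns on the setuid or setgid bit."""
    if re.fullmatch(r"[0-7]{1,5}", mode):
        # Octal: the digit above the rwx triplets carries setuid (4) / setgid (2).
        return bool(int(mode, 8) & 0o6000)
    # Symbolic: comma-separated clauses such as u+s, g=rxs, a+rx,u+s
    for clause in mode.split(","):
        who = re.match(r"[ugoa]*", clause).group()
        ops = re.findall(r"([-+=])([rwxXst]*)", clause[len(who):])
        # 's' only has an effect for user/group (or an empty/all "who").
        if (not who or set(who) & set("uga")) and any(op != "-" and "s" in p for op, p in ops):
            return True
    return False

def flag_setid_chmod(lines):
    """Return (user, target, command) for sudo log lines whose chmod adds setuid/setgid."""
    hits = []
    for line in lines:
        m = SUDO_RE.search(line)
        if not m:
            continue
        try:
            argv = shlex.split(m.group("cmd"))
        except ValueError:  # unbalanced quotes in the logged command
            argv = m.group("cmd").split()
        if not argv or argv[0].rsplit("/", 1)[-1] != "chmod":
            continue
        args = [a for a in argv[1:] if not a.startswith("-")]  # skip options like -R
        if args and sets_setid(args[0]):
            hits.append((m.group("user"), m.group("target"), m.group("cmd")))
    return hits

# Constructed sample lines in sudo's syslog format (not taken from a real host).
SAMPLE_LOG = [
    "Jun 14 13:20:02 host sudo:  alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt-get upgrade",
    "Jun 14 13:21:05 host sudo:  alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/chmod u+s /bin/bash",
    "Jun 14 13:25:40 host sudo:  alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/chmod 644 /etc/motd",
    "Jun 14 13:26:10 host sudo:  alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/chmod -R 2755 /srv/share",
]
```

sudo logs each command it runs even when the password prompt is skipped because credentials are cached, so the second sample line is still recorded and flagged.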