Problems of a desktop Linux distribution GUI sudo

Problems of a desktop Linux distribution GUI sudo

Tzafrir Cohen tzafrir at cohens.org.il
Mon Jun 14 16:54:57 IDT 2010


On Mon, Jun 14, 2010 at 05:36:33AM -0700, Elazar Leibovich wrote:
> 1) I'm not sure sniffing your keyboard and recognizing when you type your
> password is so easy, but I might be wrong.
> 2) I believe that there's some mechanism which prevents any other software
> to mask graphically the authentication dialog, so that if you're seeing the
> real authentication dialog - you can trust what you see.

It's not about masking one. It's about faking one.

> 
> However using Vista signed executable idea, for instance none of this could
> happen, since every time a program asks for privilege leverage the dialog
> box states explicitly which executable is asking for it, and you never write
> your own password except in login, so whatever the malicious program does it
> cannot get root privileges.

"Never" is a very strong word. The main problem here is that you'll
eventually need to run "untrusted" binaries for varius reasons. And thus
you'll get used to bypassing that mechnism on a regular basis.

Not to mention that "trusted" binaries may do way to much. For instance,
/bin/bash is a trusted binary on your Linux system. It is instealled
from a signed package. Yet chmod s+u /bin/bash is not such a grand idea.
Trusting any signed binaries sounds all too much like a generic sudo
line. It might be a good solution, but not for this problem.

Again, look into the *Kit stuff, if sudo is not good enough for you.

-- 
Tzafrir Cohen         | tzafrir at jabber.org | VIM is
http://tzafrir.org.il |                    | a Mutt's
tzafrir at cohens.org.il |                    |  best
tzafrir at debian.org    |                    | friend



More information about the Linux-il mailing list