Re: GNOME privilege library

On Thu, 2005-01-13 at 18:55 +0100, Xavier Bestel wrote:
> Le jeudi 13 janvier 2005 à 12:48 -0500, Sean Middleditch a écrit :
> > No.  In order to start any of these with privileges, you need a
> > privileged helper program - i.e., setuid.  LD_PRELOAD is disabled for
> > setuid binaries.
> What I meant is, ~/Downloads/random-trojan can start
> LD_PRELOAD=/tmp/ /usr/bin/gnome-procman
> and then executes itself with procman's name.

And how would that in anyway let the trojan invoke the backends with
privileges?  The setuid helper would be responsible for determining that
its parent (who launched it) is allowed to execute the target backend,
perhaps using the infromation in /proc (on Linux).

Or, as Mike said, if D-BUS is chosen as the backend, the security system
in D-BUS can be used.  (Which basically does the above, albeit more

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]