Re: GNOME privilege library



On Thursday, 13 January 2005 at 13:06 -0500, Sean Middleditch wrote:
> On Thu, 2005-01-13 at 18:55 +0100, Xavier Bestel wrote:
> > On Thursday, 13 January 2005 at 12:48 -0500, Sean Middleditch wrote:
> > > No.  In order to start any of these with privileges, you need a
> > > privileged helper program - i.e., setuid.  LD_PRELOAD is disabled for
> > > setuid binaries.
> > 
> > What I meant is, ~/Downloads/random-trojan can start
> > LD_PRELOAD=/tmp/trojan-crafted-lib.so /usr/bin/gnome-procman
> > and then execute itself with procman's name.
> 
> And how would that in anyway let the trojan invoke the backends with
> privileges?  The setuid helper would be responsible for determining that
> its parent (who launched it) is allowed to execute the target backend,
> perhaps using the information in /proc (on Linux).

Yes, that means you want to forbid applications that don't use only
system libraries (i.e. from /usr/lib or /lib), so:
- no custom libs from LD_LIBRARY_PATH
- no custom theme engine
- the application isn't allowed to load custom plugins

which all makes sense (no running of user code), but it is very
inconvenient. Maybe it's better to just be sure that the suid helper is
safe to be called by anyone.

	Xav
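The check discussed above (the setuid helper inspecting the calling process through /proc) and Xavier's point that it can only be trusted if the caller has loaded nothing but system libraries, as an added example that is not from the thread: it parses /proc/<pid>/maps text and lists every mapped shared object outside /usr/lib and /lib. The sample maps content, the library file names and the prefix list are constructed assumptions; the helper names are hypothetical.

```python
from typing import List

# Directories the thread calls "system libraries"; a real helper would
# take this allow-list from its own configuration (assumption).
SYSTEM_LIB_PREFIXES = ("/usr/lib/", "/lib/")

# Constructed /proc/<pid>/maps excerpt for a gnome-procman started with
# LD_PRELOAD=/tmp/trojan-crafted-lib.so, as in the quoted message.
SAMPLE_MAPS = """\
00400000-004d0000 r-xp 00000000 08:01 1234 /usr/bin/gnome-procman
7f0000000000-7f0000020000 r-xp 00000000 08:01 5678 /tmp/trojan-crafted-lib.so
7f0000100000-7f00002c0000 r-xp 00000000 08:01 9012 /lib/libc.so.6
7f0000400000-7f0000500000 r-xp 00000000 08:01 3456 /usr/lib/libgtk-x11-2.0.so.0
7f0000600000-7f0000610000 rw-p 00000000 00:00 0
7fff00000000-7fff00021000 rw-p 00000000 00:00 0 [stack]
"""


def parse_maps(maps_text: str) -> List[str]:
    """Distinct file paths backing the mappings in /proc/<pid>/maps text.

    A line is: address perms offset dev inode [pathname]. Anonymous
    mappings carry no pathname; pseudo-paths such as [heap] and [stack]
    are skipped.
    """
    paths: List[str] = []
    for line in maps_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue
        path = fields[5].strip()
        if path.startswith("[") or path in paths:
            continue
        paths.append(path)
    return paths


def foreign_libraries(maps_text: str) -> List[str]:
    """Shared objects mapped from outside the system library directories.

    Any hit means the caller runs code that is not a system library (an
    LD_PRELOAD or LD_LIBRARY_PATH library, a theme engine from the home
    directory, a plugin), so its executable name alone says nothing about
    who is really driving it and the helper should refuse to trust it.
    """
    return [p for p in parse_maps(maps_text)
            if (p.endswith(".so") or ".so." in p)
            and not p.startswith(SYSTEM_LIB_PREFIXES)]


def foreign_libraries_of(pid: int) -> List[str]:
    """Same check against a live process; needs permission to read its maps."""
    with open(f"/proc/{pid}/maps") as f:
        return foreign_libraries(f.read())
```

On a real system the helper would run `foreign_libraries_of(os.getppid())` and deny the request on any non-empty result, which is the inconvenience Xavier describes: a legitimate user-installed plugin is rejected just like the preloaded library.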
