Re: GNOME privilege library



On Thu, 2005-01-13 at 18:16, Mike Hearn wrote:
> A sudo that is automatically authenticated once you log in and only
> times out when the screensaver activates (or the system has been idle
> for X minutes) would better serve the idea of preventing random people
> walking up to the system and fiddling with it. But even that sucks
> because if you're in an environment where untrusted users have physical
> access to the box the best you can do is a screensaver/bios lock. Sudo
> doesn't achieve much as the user's personal data is still vulnerable.

That's sort of what the pam modules in Fedora do.

> suid root binaries have a few problems too eg, GTK+ refuses to run if
> you've got the suid bit set. They also need to be audited for security
> AND all the libraries they use do too - if there's a buffer overflow in
> your time/date applet that's now a local priv escalation exploit. 

It's rather more abusable typically - paranoid folks would generally
argue that you should actually fire up the "setuid" environment in an
Xnest that is not itself setuid nor running as the user in order to
isolate the app from the environment and X level abuse.

> Right now the list of things that require root is tuned for servers in
> big colo providers, eg beeping the speaker on Linux needs root. It's not

Untrue. Audio management is a user level matter. 

Alan



