Re: PPP, Mount/Unmount



James Aylett wrote:

> On Wed, Aug 11, 1999 at 09:15:47AM -0600, Michael Dennis wrote:
>
> [Snip: Tom Gilbert's explanation]
> > So what you are saying is that root utilities such as software installation
> > should only be done via command line?
>
> I don't think anyone's saying this; however they _are_ saying that it's (a)
> difficult, and (b) inadvisable, to have a system whereby a normal user can
> run an installation program, have it prompt them for a root password, and
> then go on.
>
> Apologies if you already know the following ...
>
> Basically, the problem is that in order for this to happen, you have to have
> a program somewhere that is setuid root. Try this:
>
> $ ls -l `which su`
> -rwsr-xr-x   1 root     root         9512 Jun  2 14:59 /bin/su
>
> The 's' means that when run, /bin/su runs as root (which it needs to be able
> to do to do its job). However this is a potential security hole - anything
> that automatically runs as root, no matter which user invokes it, has the
> potential, if it has a certain type of bug in it, to enable _any_ user to
> run _any_ command as root - this is clearly a security problem.
>
> In order to get a graphical prompt asking for a password, practically
> speaking, you need a graphical program somewhere to be setuid root. While it's
> fairly easy to audit /bin/su to make sure it's secure (since it's not a very
> complex program), graphical programs are always more complex and so it's
> much harder to check them.
>
> In particular, none of the GNOME libraries, as I understand it, have been
> audited for security, so if someone wrote a nice GNOME root-password-box
> thing, virtually everything it calls would have to be audited, which would
> take quite a while :-(
>
> > Maybe a su version of a graphical RPM installer which prompts you for your
> > root password would be nice?
>
> It might be, but it's a risk. There's a possibility someone can come up with
> a smart way of using su (or, more likely, something like sudo/fakeroot,
> which are designed to allow ordinary users to securely run other programs as
> root without those other programs needing to be setuid root) to allow this,
> of course. It's still got security issues, because the password as you type
> it in will be pushed around at the very least the local system, which can be
> vulnerable ...
>
> Cheers,
> James
>
> --
> /--------------------------------------------------------------------------\
>   James Aylett                                           www.zap.uk.eu.org
>   james@tartarus.org                                    www.footlights.org

I agree that we don't want to sacrifice Linux security for ease of use, but maybe
someone could come up with a creative way to deal with both.  My ideas obviously
don't cover every base but maybe they can stimulate some thought on something
that I think is a bit tricky for a novice user and that they commonly need to do.

Mike.
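As an added example that is not part of James's or Mike's messages, the POSIX shell script below generalizes the `ls -l \`which su\`` check quoted above: it parses the symbolic mode string that `ls -l` prints for the setuid bit (an 's', or an 'S' when the owner-execute bit is clear), checks one file, and can enumerate every setuid-root file on a filesystem, which is the inventory an audit of "anything that automatically runs as root" starts from. The function names are my own; the script only reads permissions and changes nothing.

```shell
#!/bin/sh
# Added example (not from the original thread): find and check setuid-root
# binaries, the class of program the discussion above is worried about.

# Return 0 if a symbolic mode string as printed by `ls -l` (e.g. -rwsr-xr-x)
# has the setuid bit set.  The owner-execute position is the 4th character:
# 's' = setuid + execute, 'S' = setuid without execute (still setuid).
is_setuid_mode() {
    case "$1" in
        ???s*|???S*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Print whether one path is setuid and who owns it.  Returns 0 if setuid,
# 1 if not, 2 if the path does not exist.
check_file() {
    path="$1"
    [ -e "$path" ] || { echo "missing: $path"; return 2; }
    line=$(ls -ld "$path")
    mode=$(printf '%s\n' "$line" | cut -c1-10)
    owner=$(printf '%s\n' "$line" | awk '{print $3}')
    if is_setuid_mode "$mode"; then
        echo "setuid ($owner): $mode $path"
        return 0
    fi
    echo "not setuid: $mode $path"
    return 1
}

# List every regular file owned by root with the setuid bit set under the
# given directory (default /).  -xdev keeps find on one filesystem so it does
# not wander into /proc or network mounts; -perm -4000 matches the setuid bit
# regardless of the other permission bits.
list_setuid_root() {
    find "${1:-/}" -xdev -type f -user root -perm -4000 2>/dev/null
}

# Reproduce the check from the message: is su setuid root here?
if su_path=$(command -v su 2>/dev/null); then
    check_file "$su_path" || true
fi
```

To get the full inventory run `list_setuid_root /` as root (or as any user, accepting that unreadable directories are skipped) and pipe it through `check_file` or `ls -l`; every path that comes back is something that must be as simple and well-audited as `/bin/su`, which is exactly why a large graphical toolkit is a poor candidate for the job.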
