Re: Security in GNOME
- From: James Henstridge <james daa com au>
- To: Havoc Pennington <hp redhat com>
- cc: "Michael K. Johnson" <johnsonm redhat com>, gnome-list gnome org
- Subject: Re: Security in GNOME
- Date: Thu, 12 Aug 1999 23:30:23 +0800 (WST)
With gsu, you will have to make sure that the graphical part does not use
the user's theme or any other gtk modules.
I can just imagine someone breaking into a system, and setting up a RC
file for gsu that uses a custom theme engine. Then inside the theme
engine it sets up an emission hook to wait for any GtkEntry widgets to be
created. It would then be possible to connect to the "changed" signal of
the entry and monitor the root password as the normal user types it in.
Its hard enough auditing a program without the configuration files
inserting arbitrary executable code when the user runs it.
James.
--
Email: james@daa.com.au
WWW: http://www.daa.com.au/~james/
On Thu, 12 Aug 1999, Havoc Pennington wrote:
>
> On Thu, 12 Aug 1999, Michael K. Johnson wrote:
> >
> > Unfortunately, incorrect. All the libraries on which it depends and which
> > manipulate user-supplied or user-manipulable input must also be audited.
> > Since auditing gtk/gdk/glib/theme-engines after every single source code
> > change is a huge job that no one has undertaken, making gsu secure is a
> > significantly harder task.
> >
>
> gsu has a sort of slave process, which is just GNU su that works via pipes
> instead of asking for the password on the terminal. So it's not that bad.
> It just needs to be checked so we know the pipes stuff hasn't opened any
> holes.
>
> > Another idea: I could try to export usermode's capabilities via a
> > library and gsu could require this library interface. Distributions
> > without PAM could export the same interface. As long as you have the
> > interface, gsu works. I'll think about that.
> >
>
> Sounds worthwhile.
>
> > The way I see it, consolehelper is more flexible because it will be
>
> But the PAM stuff is clearly a good bit nicer on platforms that have it.
>:-)
>
> Havoc
>
>
>
> --
> FAQ: Frequently-Asked Questions at http://www.gnome.org/gnomefaq
> To unsubscribe: mail gnome-list-request@gnome.org with
> "unsubscribe" as the Subject.
>
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
