Re: Security in GNOME



What I was talking about in my last message was the possibility of using
gsu/consolehelper as a trojan horse for collecting passwords, rather than
exploiting any buffer overflow or passing invalid data to the setuid part.

If either of these programs conforms to the user's selected theme then
someone who has compromised the user's account will be able to collect the
passwords entered into either of these utilities.  They would then be able
to gain root access later on with the normal su command.

They could do all this without modifying the actual gsu or consolehelper
binaries (so rpm --verify will not detect the problem) -- just upload a
single theme engine shared object and modify one configuration file.

James.

--
Email: james@daa.com.au
WWW:   http://www.daa.com.au/~james/


On Thu, 12 Aug 1999, Michael K. Johnson wrote:

> 
> Havoc Pennington writes:
> >It did used to be otherwise, unfortunately.
> 
> OK, so I'm not as senile as I thought.  :-)
> 
> >However James has a sensible
> >point about other possible holes... which probably apply to the PAM stuff
> >as well.
> 
> PAM itself is clean in this regard, and the setuid helper has been
> thoroughly vetted by several reviewers.  I think we're OK with it.
> 
> >We may need to think about how to avoid the problem; maybe with a
> >custom entry widget.
> 
> No, that doesn't help -- you need to do the data sanitization in the
> setuid part; if you don't sanitize all data in the setuid part, then
> you are right back at ground zero in terms of security.
> 
> michaelkjohnson
> 
> "Magazines all too frequently lead to books and should be regarded by the
>  prudent as the heavy petting of literature."            -- Fran Lebowitz
>  Linux Application Development     http://people.redhat.com/johnsonm/lad/
> 
> 
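A defender's check for the scenario James describes, added here as an example and not taken from the thread: since rpm --verify does not look at per-user theme configuration, audit the rc file itself for directives that cause a shared object to be loaded. It assumes GTK 1.x-style rc syntax (module_path, include, engine); the trusted directories and the sample file are constructed placeholders.

```python
import posixpath
import re

# Assumed GTK 1.x rc directives: module_path "dir:dir", include "file", engine "name" { }
MODULE_PATH = re.compile(r'^\s*module_path\s+"([^"]*)"')
INCLUDE = re.compile(r'^\s*include\s+"([^"]*)"')
ENGINE = re.compile(r'\bengine\s+"([^"]+)"')

# Hypothetical root-owned locations; adjust to the distribution being audited.
TRUSTED_DIRS = ("/usr/lib/gtk/themes/engines", "/usr/share/themes")

def is_trusted(path, trusted=TRUSTED_DIRS):
    """True only for absolute paths that stay inside a trusted directory."""
    norm = posixpath.normpath(path)  # collapses ".." so traversal is caught
    return posixpath.isabs(norm) and any(
        norm == d or norm.startswith(d + "/") for d in trusted)

def audit_rc(text, trusted=TRUSTED_DIRS):
    """Return (line number, directive, value) for each directive worth reviewing."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # whole-line comment
        m = MODULE_PATH.match(line)
        if m:  # report each search directory outside the trusted set
            findings += [(lineno, "module_path", d) for d in m.group(1).split(":")
                         if d and not is_trusted(d, trusted)]
        m = INCLUDE.match(line)
        if m and not is_trusted(m.group(1), trusted):
            findings.append((lineno, "include", m.group(1)))
        m = ENGINE.search(line)
        if m:  # every engine directive names a shared object to be loaded
            findings.append((lineno, "engine", m.group(1)))
    return findings

# Constructed sample rc file, not from the original message.
SAMPLE_RC = '''\
# user theme configuration
include "/usr/share/themes/Default/gtk/gtkrc"
module_path "/usr/lib/gtk/themes/engines:/home/alice/.themes/engines"
style "default" {
  fg[NORMAL] = "#000000"
  engine "pixmap" { }
}
'''

if __name__ == "__main__":
    for lineno, kind, value in audit_rc(SAMPLE_RC):
        print(f"line {lineno}: {kind} -> {value}")
```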


