A new module-candidate for GNOME CVS (gnomesu)

[Philip Van Hoof <pvanhoof gnome org>]

Hi there,

A few years ago I developed a tiny tool which I then called GNOME Xsu.
It had several security and design problems which have all been
addressed.

Two years ago I decided that I was no longer interested in maintenance
of this little tool so I gave it's maintainership to Mark Finlay. 

Mark changed the name to gnomesu (GNOME SuperUser) and adapted it's
userinterface-code so that it made use of libglade-2 (the .glade-file
method).

Mark, however, passed away last year.

So I've picked up the project and crowned myself to it's maintainer.
Temporarily or permanent I don't know that yet. I am open for
maintainer-candidates.

Because some distributions and packages are depending upon gnomesu,
translation-people have been asking me about the tool. For example a
dutch translator wants the package to go into GNOME CVS (cvs.gnome.org).
Inclusion of the module on GNOME CVS would ease and speedup the
translation efforts for the module.

There is, however, one problem with gnomesu regarding including it with
the GNOME platform: it's not really platform independent because it
depends on a platform dependent tool or command line: 'su'.

Also, other distributions have other techniques for letting tools gain a
higher authorization. Fedora, for example, is using a consolehelper-
tool. It's, I think, something PAM-based. It's more or less integrated
with the distribution.

Nevertheless I am asking officially whether or not it's okay for me to
cvs import this at cvs.gnome.org. I have a CVS account already (which I
use for the modules 'gcm' and 'gnome-schedule'). For the time being I'll
take the responsibility of maintainership of the module myself.

.
.
.

For security considerations: the technique used by gnomesu is to create
an invisible zvt widget on which the su-binary is launched with a
generated argument-list (-c command). The application will then send the
password to it. The location of the su-binary is searched by the
configure-script and then hardcoded with a full-path in the binary. So
one cannot play with the PATH-environment variable of the current user
to get the root-password. The password is cleared from memory once it
has been send to the widget. The textbox which contained the password is
also cleared as soon as possible.

As far as I know is this technique more secure than launching the su-
command from an xterm terminal. But I haven't looked closely at the code
for nearly two full years. It might be full of security-issues and
problems at this moment. Honestly I don't think it will be that bad
actually.

More information: http://xsu.sourceforge.net/


-- 
Philip Van Hoof, Software Developer @ Cronos
home: me at freax dot org
gnome: pvanhoof at gnome dot org
work: philip dot vanhoof at cronos dot be
junk: philip dot vanhoof at gmail dot com
http://www.freax.be, http://www.freax.eu.org