PolicyKit and malware, was: What I HATE about F11

Richard W.M. Jones rjones at redhat.com
Thu Jun 18 13:11:12 PDT 2009


On Thu, Jun 18, 2009 at 03:02:53PM -0400, Matthias Clasen wrote:
> On Thu, 2009-06-18 at 19:09 +0100, Richard W.M. Jones wrote:
> > On Thu, Jun 18, 2009 at 11:02:22AM -0400, Matthias Clasen wrote:
> > > The retained authorization is only valid for the subject that obtained
> > > it, which will typically be a process (identified by process id and
> > > start time) or a canonical bus name. And your malware does not have
> > > either.
> > 
> > Can the malware inject code into the process which gained the
> > authentication (eg. using ptrace)?
> 
> Once you have malware running in your session, there's probably more
> important stuff to worry about, like all your data in ~/.firefox...

Right, but this is about privilege escalation (malware trying to gain
root).  However I agree that it's bad enough if you have any malware
in your session.

I'm only interested BTW.  I'm not saying this is a real exploit :-)

> Anyway, further discussion about details of PolicyKit would be much
> better on polkit-devel at lists.freedesktop.org

CC'd.

Rich.

-- 
Richard Jones, Emerging Technologies, Red Hat  http://et.redhat.com/~rjones
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine.  Supports Linux and Windows.
http://et.redhat.com/~rjones/virt-df/


More information about the polkit-devel mailing list