Proposing to host system-auth-agent in fdo

Carlos Garnacho carlosg at gnome.org
Wed Oct 13 18:35:01 EEST 2004 

On Wed, 2004-10-13 at 10:17 +0200, Alexander Larsson wrote:
> On Tue, 2004-10-12 at 19:05 +0200, Carlos Garnacho wrote:
> 
> > In order to avoid malicious use of the program/API, there's a list of
> > applications that are allowed to use the program, this list can be only
> > handled by the root user, and the package already provides 2 commands to
> > install/uninstall applications in that list (ideally, this will be
> > handled transparently, during make install, rpm -i, dpkg -i, ...), so
> > any application using this program will be there under the root user
> > consent.
> 
> I'd like to point out that the way this is handled:
> 
> static char*
> get_calling_app (void)
> {
>   pid_t ppid = 0;
>   char  path[PATH_MAX], *link;
>   int   length;
> 
>   ppid = getppid ();
>   sprintf (path, "/proc/%d/exe", ppid);
>   link = (char *) malloc (sizeof (char) * PATH_MAX);
>   
>   length = readlink (path, link, PATH_MAX);
> 
> Isn't very secure. Basically, to overcome it you only need to do:
> LD_PRELOAD=/tmp/evil_code.so /usr/bin/trusted_binary

While it's true that the program should unset those vars before exec'ing
the called application, the loader ignores any LD_PRELOAD or
LD_LIBRARY_PATH envvar if the running program is setuid/setgid, so it's
not an inmediate problem

> 
> Furthermore, the /proc use is linux-only.

I've found the equivalence in FreeBSD 5.3Beta1, and I'm sure that
Solaris gets this info from /proc too, it was created for things like
this

This /proc use might be a problem when/if there are python/perl/...
bindings, because that symlink would point to the interpreter, but I'm
sure that it can be fixed with a plugin system (or simply custom
functions) to parse /proc/$pid/cmdline. But anyway, I think that it's
the most secure way to know that the app is authorized to use the agent

	Carlos

> 
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>  Alexander Larsson                                            Red Hat, Inc 
>                    alexl at redhat.com    alla at lysator.liu.se 
> He's a shy dishevelled romance novelist in a wheelchair. She's a vivacious 
> gold-digging femme fatale who dreams of becoming Elvis. They fight crime! 
>

More information about the xdg mailing list