Proposing to host system-auth-agent in fdo
Carlos Garnacho
carlosg at gnome.org
Sun Oct 24 18:33:09 EEST 2004
On Mon, 2004-10-18 at 09:06 +0200, Alexander Larsson wrote:
> On Sat, 2004-10-16 at 20:48 +0200, Carlos Garnacho wrote:
>
> > Ok, the program that uses the API could still be affected by LD_PRELOAD,
> > but let's suppose the next scenario:
> >
> > Joe tries to do weird stuff, writes a .so file that replaces getuid()
> > calls to impersonate Frank and tries to run "rm -rf /", runs
> > control-center with LD_PRELOAD
> >
> > 1) system-auth-manager will still know which is the calling user, as it
> > isn't affected by LD_PRELOAD
> >
> > 2) system-auth-manager will check that user Joe is allowed to run the
> > "rm" command, if he isn't, the root password will be requested, and the
> > whole LD_PRELOAD won't be effective at all.
>
> So, you're agreeing that the binary-name check doesn't help much? (Since
> you brought up the uid check instead.)
I've just uploaded the 0.0.2 version [1] which fixes this problem by
linking statically the library by default (adding ~50KB to the binary
size), one can still LD_PRELOAD to override read() and write() calls,
but that problem is intrinsic to any graphical auth application.
I've also uploaded a little gnome-based application [2] that uses the
system-auth-agent to run other applications as root, works quite fine as
a test application.
Carlos
[1] http://www.gnome.org/~carlosg/stuff/system-auth-agent/system-auth-agent-0.0.2.tar.gz
[2] http://www.gnome.org/~carlosg/stuff/gnome-auth/gnome-auth-0.0.1.tar.gz
>
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> Alexander Larsson Red Hat, Inc
> alexl at redhat.com alla at lysator.liu.se
> He's an old-fashioned one-eyed grifter looking for a cure to the poison
> coursing through his veins. She's a mentally unstable hypochondriac Hell's
> Angel with a knack for trouble. They fight crime!
>
More information about the xdg
mailing list