PolicyKit and malware, was: What I HATE about F11
Richard W.M. Jones
rjones at redhat.com
Thu Jun 18 13:11:12 PDT 2009
On Thu, Jun 18, 2009 at 03:02:53PM -0400, Matthias Clasen wrote:
> On Thu, 2009-06-18 at 19:09 +0100, Richard W.M. Jones wrote:
> > On Thu, Jun 18, 2009 at 11:02:22AM -0400, Matthias Clasen wrote:
> > > The retained authorization is only valid for the subject that obtained
> > > it, which will typically be a process (identified by process id and
> > > start time) or a canonical bus name. And your malware does not have
> > > either.
> >
> > Can the malware inject code into the process which gained the
> > authentication (eg. using ptrace)?
>
> Once you have malware running in your session, there's probably more
> important stuff to worry about, like all your data in ~/.firefox...
Right, but this is about privilege escalation (malware trying to gain
root). However I agree that it's bad enough if you have any malware
in your session.
I'm only interested BTW. I'm not saying this is a real exploit :-)
> Anyway, further discussion about details of PolicyKit would be much
> better on polkit-devel at lists.freedesktop.org
CC'd.
Rich.
--
Richard Jones, Emerging Technologies, Red Hat http://et.redhat.com/~rjones
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine. Supports Linux and Windows.
http://et.redhat.com/~rjones/virt-df/
More information about the polkit-devel
mailing list