Authorized clients

Alexander E. Patrakov patrakov at gmail.com
Fri Jan 3 08:09:43 PST 2014


2014/1/3 Maarten Baert <maarten-baert at hotmail.com>:
>
> So far your protocol sounded secure, but I think this is where it breaks
> down. You're leaving the Wayland server open to a confused deputy attack,
> and also a social engineering attack.

And also please consider the following "hammer-based" attack. A piece
of malware could repeatedly try to launch something privileged. It
looks like this. A polkit agent dialog appears, which is modal in most
cases. The user says "No". The dialog immediately appears again. The
user says "No". The dialog appears until the user authorizes the
malware to do its bad thing. Of course this is not specific to Wayland
or Weston, please run this piece of pseudo-malware to see what I mean:

while ! pkexec bash ; do echo "Too bad" ; done

So my opinion is that polkit dialogs should be avoided, or should have
some protection against this.

-- 
Alexander E. Patrakov
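
One form the "protection against this" asked for above could take, as an added example that is not part of the original message and is not polkit's or Weston's own code: a per-requester cooldown that doubles after every dismissed dialog, so a retry loop is refused silently instead of re-prompting. The class, the function, the requester tuple and the default timings are all hypothetical.

```python
import time

class PromptThrottle:
    """Hypothetical policy: may an authorization dialog be shown right now?"""

    def __init__(self, base=2.0, cap=300.0, forget_after=900.0, clock=time.monotonic):
        self.base, self.cap, self.forget_after = base, cap, forget_after
        self.clock = clock
        self._state = {}  # requester -> (denials, last_denial, blocked_until)

    def may_prompt(self, requester):
        """False means: refuse the request without showing a dialog."""
        if requester not in self._state:
            return True
        _, last_denial, blocked_until = self._state[requester]
        now = self.clock()
        if now - last_denial >= self.forget_after:
            del self._state[requester]  # quiet long enough, start fresh
            return True
        return now >= blocked_until

    def record_denial(self, requester):
        """User said "No": double this requester's cooldown, up to the cap."""
        denials = self._state.get(requester, (0, 0.0, 0.0))[0] + 1
        delay = min(self.cap, self.base * 2 ** min(denials - 1, 32))
        now = self.clock()
        self._state[requester] = (denials, now, now + delay)
        return delay

    def record_approval(self, requester):
        """User authenticated: forget earlier denials for this requester."""
        self._state.pop(requester, None)


def dialogs_shown(attempts, interval, **policy):
    """Constructed scenario: one requester retries every `interval` seconds
    and the user dismisses every dialog. Returns how many dialogs appeared."""
    now = [0.0]  # fake clock so the simulation runs instantly
    throttle = PromptThrottle(clock=lambda: now[0], **policy)
    requester = (1000, "/usr/bin/example-app", "org.example.run")  # constructed
    shown = 0
    for _ in range(attempts):
        if throttle.may_prompt(requester):
            shown += 1
            throttle.record_denial(requester)
        now[0] += interval
    return shown
```

With the defaults, 100 retries at one-second intervals put 6 dialogs in front of the user instead of 100.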


More information about the wayland-devel mailing list