Proposing to host system-auth-agent in fdo

Alexander Larsson alexl at redhat.com
Wed Oct 13 11:17:59 EEST 2004


On Tue, 2004-10-12 at 19:05 +0200, Carlos Garnacho wrote:

> In order to avoid malicious use of the program/API, there's a list of
> applications that are allowed to use the program, this list can be only
> handled by the root user, and the package already provides 2 commands to
> install/uninstall applications in that list (ideally, this will be
> handled transparently, during make install, rpm -i, dpkg -i, ...), so
> any application using this program will be there under the root user
> consent.

I'd like to point out that the way this is handled:

static char*
get_calling_app (void)
{
  pid_t ppid = 0;
  char  path[PATH_MAX], *link;
  int   length;

  ppid = getppid ();
  sprintf (path, "/proc/%d/exe", ppid);
  link = (char *) malloc (sizeof (char) * PATH_MAX);
  
  length = readlink (path, link, PATH_MAX);

isn't very secure. Basically, to overcome it you only need to do:
LD_PRELOAD=/tmp/evil_code.so /usr/bin/trusted_binary

Furthermore, the /proc use is Linux-only.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Alexander Larsson                                            Red Hat, Inc 
                   alexl at redhat.com    alla at lysator.liu.se 
He's a shy dishevelled romance novelist in a wheelchair. She's a vivacious 
gold-digging femme fatale who dreams of becoming Elvis. They fight crime! 
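
Added example, not part of the original message or of system-auth-agent: a sketch of why the /proc/<ppid>/exe lookup quoted above cannot vouch for the code running in the caller. It parses text in the Linux /proc/<pid>/maps format and counts executable file mappings outside a trusted prefix list; the helper name, the prefix policy and the sample maps text are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Count executable, file-backed mappings in /proc/<pid>/maps text whose path
 * is outside every trusted prefix (hypothetical helper and policy). A
 * non-zero result means the process runs code from somewhere else, even
 * though /proc/<pid>/exe still names the trusted binary. */
static int foreign_exec_mappings(const char *maps, const char *const *trusted)
{
    int foreign = 0;

    while (*maps) {
        char line[512], perms[5] = "", path[256];
        size_t len = strcspn(maps, "\n"), i;
        int ok = 0;

        /* Work on one line at a time so sscanf cannot run into the next. */
        snprintf(line, sizeof line, "%.*s", (int)len, maps);
        maps += len + (maps[len] == '\n');
        /* Fields: address perms offset dev inode [path] */
        if (sscanf(line, "%*s %4s %*s %*s %*s %255[^\n]", perms, path) != 2)
            continue;               /* anonymous mapping: no path field */
        if (perms[2] != 'x' || path[0] != '/')
            continue;               /* not executable, or [stack]/[vdso] */
        for (i = 0; trusted[i]; i++)
            ok |= strncmp(path, trusted[i], strlen(trusted[i])) == 0;
        foreign += !ok;
    }
    return foreign;
}

/* Constructed sample: maps of the trusted binary started with a preload. */
static const char *const TRUSTED[] = { "/usr/bin/", "/usr/lib/", NULL };
static const char SAMPLE_MAPS[] =
    "55d0c0a00000-55d0c0a08000 r-xp 00000000 08:01 1311 /usr/bin/trusted_binary\n"
    "7f1a2c000000-7f1a2c002000 r-xp 00000000 08:01 9001 /tmp/evil_code.so\n"
    "7f1a2c400000-7f1a2c5c0000 r-xp 00000000 08:01 2210 /usr/lib/libc.so.6\n"
    "7f1a2c600000-7f1a2c621000 rw-p 00000000 00:00 0\n"
    "7ffd5a1e0000-7ffd5a201000 rw-p 00000000 00:00 0 [stack]\n"
    "7ffd5a3f0000-7ffd5a3f2000 r-xp 00000000 00:00 0 [vdso]\n";

int main(void)
{
    printf("foreign executable mappings in sample: %d\n",
           foreign_exec_mappings(SAMPLE_MAPS, TRUSTED));
    return 0;
}
```

In the constructed sample the exe link would still resolve to /usr/bin/trusted_binary while one executable mapping comes from /tmp. The scan is a diagnostic, racy and Linux-only like the original lookup, not an authorization check.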



