Proposing to host system-auth-agent in fdo
Carlos Garnacho
carlosg at gnome.org
Wed Oct 13 18:35:01 EEST 2004
On Wed, 2004-10-13 at 10:17 +0200, Alexander Larsson wrote:
> On Tue, 2004-10-12 at 19:05 +0200, Carlos Garnacho wrote:
>
> > In order to avoid malicious use of the program/API, there's a list of
> > applications that are allowed to use the program, this list can be only
> > handled by the root user, and the package already provides 2 commands to
> > install/uninstall applications in that list (ideally, this will be
> > handled transparently, during make install, rpm -i, dpkg -i, ...), so
> > any application using this program will be there under the root user
> > consent.
>
> I'd like to point out that the way this is handled:
>
> static char*
> get_calling_app (void)
> {
> pid_t ppid = 0;
> char path[PATH_MAX], *link;
> int length;
>
> ppid = getppid ();
> sprintf (path, "/proc/%d/exe", ppid);
> link = (char *) malloc (sizeof (char) * PATH_MAX);
>
> length = readlink (path, link, PATH_MAX);
>
> Isn't very secure. Basically, to overcome it you only need to do:
> LD_PRELOAD=/tmp/evil_code.so /usr/bin/trusted_binary
While it's true that the program should unset those vars before exec'ing
the called application, the loader ignores any LD_PRELOAD or
LD_LIBRARY_PATH envvar if the running program is setuid/setgid, so it's
not an inmediate problem
>
> Furthermore, the /proc use is linux-only.
I've found the equivalence in FreeBSD 5.3Beta1, and I'm sure that
Solaris gets this info from /proc too, it was created for things like
this
This /proc use might be a problem when/if there are python/perl/...
bindings, because that symlink would point to the interpreter, but I'm
sure that it can be fixed with a plugin system (or simply custom
functions) to parse /proc/$pid/cmdline. But anyway, I think that it's
the most secure way to know that the app is authorized to use the agent
Carlos
>
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> Alexander Larsson Red Hat, Inc
> alexl at redhat.com alla at lysator.liu.se
> He's a shy dishevelled romance novelist in a wheelchair. She's a vivacious
> gold-digging femme fatale who dreams of becoming Elvis. They fight crime!
>
More information about the xdg
mailing list