Proposing to host system-auth-agent in fdo

Carlos Garnacho carlosg at gnome.org
Sat Oct 16 21:48:51 EEST 2004 

On Thu, 2004-10-14 at 10:31 +0200, Alexander Larsson wrote:
> On Wed, 2004-10-13 at 21:01 +0200, Carlos Garnacho wrote:
> > 
> > I hope that this clarifies that all the important checks are done in
> > the setuid program provided by the auth agent, which isn't theorically
> > affected by the LD_PRELOAD stuff, and that it will only run things
> > without being asked for password once the user enters the root
> > password at least one time and explicitly says that he's allowed to do
> > this task.
> 
> Well. LD_PRELOAD never directly affects the system-auth-agent process,
> or the children it spawns. However, it does affect the user app
> (control-center here), so the action in your step 3,"checks that
> control-center is authorized to use it" is in fact a no-op, since it
> doesn't really verify that the control-center code is running. In this
> case its really evil.so thats running.
> 
> I'm not saying this is an root exploit or anything, just that the actual
> check for authenticating which apps are allowed to start root apps isn't
> secure. You still have to type in the root password (unless it was
> cached...)

Ok, the program that uses the API could still be affected by LD_PRELOAD,
but let's suppose the next scenario:

Joe tries to do weird stuff, writes a .so file that replaces getuid()
calls to impersonate Frank and tries to run "rm -rf /", runs
control-center with LD_PRELOAD

1) system-auth-manager will still know which is the calling user, as it
isn't affected by LD_PRELOAD

2) system-auth-manager will check that user Joe is allowed to run the
"rm" command, if he isn't, the root password will be requested, and the
whole LD_PRELOAD won't be effective at all. 

	Carlos

> 
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>  Alexander Larsson                                            Red Hat, Inc 
>                    alexl at redhat.com    alla at lysator.liu.se 
> He's a fast talking native American senator haunted by an iconic dead American 
> confidante She's a brilliant green-skinned snake charmer in the wrong place at 
> the wrong time. They fight crime! 
>

More information about the xdg mailing list