Proposing to host system-auth-agent in fdo
David Collier-Brown
davec-b at rogers.com
Mon Oct 18 00:38:17 EEST 2004
Carlos Garnacho <carlosg at gnome.org> wrote:
>>I'm not saying this is an root exploit or anything, just that the actual
>>check for authenticating which apps are allowed to start root apps isn't
>>secure. You still have to type in the root password (unless it was
>>cached...)
>
>
> Ok, the program that uses the API could still be affected by LD_PRELOAD,
> but let's suppose the next scenario:
>
> Joe tries to do weird stuff, writes a .so file that replaces getuid()
> calls to impersonate Frank and tries to run "rm -rf /", runs
> control-center with LD_PRELOAD
>
> 1) system-auth-manager will still know which is the calling user, as it
> isn't affected by LD_PRELOAD
>
> 2) system-auth-manager will check that user Joe is allowed to run the
> "rm" command, if he isn't, the root password will be requested, and the
> whole LD_PRELOAD won't be effective at all.
Will Linux load an LD_PRELOAD from a non-root-owned
directory tree for a setuid executable?
That's one of the checks that the "Linker Aliens" (the
dynamic linker team at Sun, who I used to work with)
asked to be made part of the security standard for ld.so...
If not, what's the appropriate list to discuss **that** on?
--dave (former professional paranoid) c-b
--
David Collier-Brown, | Always do right. This will gratify
System Programmer and Author | some people and astonish the rest
davecb at spamcop.net | -- Mark Twain
More information about the xdg
mailing list