Proposing to host system-auth-agent in fdo

Carlos Garnacho carlosg at
Sun Oct 24 18:33:09 EEST 2004

On Mon, 2004-10-18 at 09:06 +0200, Alexander Larsson wrote:
> On Sat, 2004-10-16 at 20:48 +0200, Carlos Garnacho wrote:
> > Ok, the program that uses the API could still be affected by LD_PRELOAD,
> > but let's suppose the next scenario:
> > 
> > Joe tries to do weird stuff, writes a .so file that replaces getuid()
> > calls to impersonate Frank and tries to run "rm -rf /", runs
> > control-center with LD_PRELOAD
> > 
> > 1) system-auth-manager will still know which is the calling user, as it
> > isn't affected by LD_PRELOAD
> > 
> > 2) system-auth-manager will check that user Joe is allowed to run the
> > "rm" command, if he isn't, the root password will be requested, and the
> > whole LD_PRELOAD won't be effective at all. 
> So, you're agreeing that the binary-name check doesn't help much? (Since
> you brought up the uid check instead.)

I've just uploaded the 0.0.2 version [1] which fixes this problem by
linking statically the library by default (adding ~50KB to the binary
size), one can still LD_PRELOAD to override read() and write() calls,
but that problem is intrinsic to any graphical auth application.

I've also uploaded a little gnome-based application [2] that uses the
system-auth-agent to run other applications as root, works quite fine as
a test application.



> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>  Alexander Larsson                                            Red Hat, Inc 
>                    alexl at    alla at 
> He's an old-fashioned one-eyed grifter looking for a cure to the poison 
> coursing through his veins. She's a mentally unstable hypochondriac Hell's 
> Angel with a knack for trouble. They fight crime! 

More information about the xdg mailing list