cross-platform virus
John
dingo at coco2.arach.net.au
Mon Apr 10 01:27:41 BST 2006
Lukas Sabota wrote:
>>Yes, but this program would not be an issue. The point is not some
>>random program to get you to type in your password. The point is to
>>authorise a virus for root access. A gksud command could not do that. It
>>could only get you to type you password in.
>>
>>Sasha
>>
>
> Yes, but once a "gksud" program got a password, it could easily run sudo
> with that password for the virus/trojan. Am I correct?
Only if it's something gksud already does, or if the attacker's replaced
it.
It would be nice if there were no way for stuff in ~, /tmp and /var/tmp
to escalate _by any means_ to root.
It might need some changes to how dpkg (and rpm) run install-time
scripts, but that shouldn't be difficult.
More information about the sounder
mailing list