Toshiba Satellite 4090CDT + sudo ideas

David Mandelberg mandelbergd at eth0.is-a-geek.org
Thu Dec 23 15:47:28 CST 2004


Matt Zimmerman wrote:
>>One suggestion that I might make is tighter integration between the 
>>gnome version of "sudo" and the window manager (metacity). Could we put 
>>an unforgeable border around windows from processes running as root and 
>>also the "give me your password" window?
> 
> 
> I don't know of any way to do this, no.  It is an inherent weakness of the
> security model used by su and sudo, that there are various ways to
> "piggyback" on the user's escalated privileges, and thus gain root if the
> user is compromised.
It could be done by using one-time keys stored as X properties of the window(s)
running as root. To set or get a new one-time key, you have to be root, and once
a window uses the key, it's invalidated for all other windows, and once that
window is closed it's invalidated for all windows.

The key file should have perms something like root:rootkey 0640.

The window manager could change the border if the key is valid for that window
id (since the window manager couldn't read the key file, a sgid rootkey helper
app or daemon run as group rootkey could be used that takes a key and window id
on stdin/named pipe and outputs 0 or 1 on stdout/named pipe for valid or invalid).

The problem with this is that a window could disable window manager decorations
and emulate the root decorations. To fix this, the wm could ignore no wm
decorations hints or partially ignore them and add a warning instead of normal
decorations.

Also, a kernel patch could be written that would execute /usr/bin/sudo -k (sudo
-k makes sudo prompt you for the password the next time it's run) whenever a
user executes a setuid 0 (in the kernel uid 0 is better than mapping root to 0)
program. This would make life with sudo miserable for console junkies, but could
be controlled with sysctl and/or /proc.

-- 
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GAT/CM$/CS>$/CC/IT$/M/S/O/U dpu s+:++ !a C++$>C+++$
UB+++>++++$L++++$*-- P+>++$ L+++(++++)$ E-(---) W+++>$ N(+) o? K-
w--(---) O? M V? PS++@ PE-@ Y+@ PGP++(+++)>$ t? 5? X? R tv--(-)
b++(+++)@ DI? D? G e->++++ h* r? z*
------END GEEK CODE BLOCK------

David Mandelberg
mandelbergd at eth0.is-a-geek.org
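
The key lifecycle and the helper's request/response protocol described in the message above, modelled as an added example that is not part of the original post and is not code from sudo, metacity or Ubuntu. The names `RootKeyRegistry`, `handle_line` and `demo`, the in-memory state (standing in for the root:rootkey 0640 key file) and the window ids are assumptions made for illustration.

```python
import hashlib
import secrets


def _digest(key):
    return hashlib.sha256(key.encode()).hexdigest()  # state holds hashes only


class RootKeyRegistry:
    """In-memory model of the helper's state (hypothetical names)."""
    def __init__(self):
        self._keys = {}  # SHA-256(key) -> bound window id, None until first use

    def issue(self):  # in the proposal only root may request a new key
        key = secrets.token_hex(16)
        self._keys[_digest(key)] = None
        return key

    def check(self, key, window_id):
        """Return 1 if the key is valid for window_id, else 0."""
        d = _digest(key)
        if d not in self._keys:
            return 0
        if self._keys[d] is None:
            self._keys[d] = window_id  # first use binds the key to this window
        return int(self._keys[d] == window_id)

    def close(self, window_id):
        """Window closed: drop its key, which is now invalid for all windows."""
        self._keys = {d: w for d, w in self._keys.items() if w != window_id}


def handle_line(registry, line):
    """Helper protocol from the post: 'KEY WINDOW_ID' in, '0' or '1' out."""
    parts = line.split()
    if len(parts) != 2:
        return "0"  # malformed request is never valid
    try:
        return str(registry.check(parts[0], int(parts[1], 0)))  # 0x... ids ok
    except ValueError:
        return "0"


def demo():
    reg = RootKeyRegistry()
    key = reg.issue()
    # Constructed ids: 0x3a00007 runs as root, 0x4200003 presents a copied key.
    out = [handle_line(reg, f"{key} {w}") for w in ("0x3a00007", "0x4200003")]
    reg.close(0x3A00007)
    return out + [handle_line(reg, f"{key} 0x3a00007")]
```

`demo()` returns the helper's answers for the owning window, for a second window presenting the same key, and for the owning window id after it has been closed.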