Visually authenticating windows (Re: Toshiba Satellite 4090CDT + sudo ideas)

David Mandelberg mandelbergd at
Thu Dec 23 20:37:24 CST 2004

Matt Zimmerman wrote:
> On Thu, Dec 23, 2004 at 04:47:28PM -0500, David Mandelberg wrote:
>>Matt Zimmerman wrote:
>>>I don't know of any way to do this, no.  It is an inherent weakness of the
>>>security model used by su and sudo, that there are various ways to
>>>"piggyback" on the user's escalated privileges, and thus gain root if the
>>>user is compromised.
>>Also, a kernel patch could be written that would execute /usr/bin/sudo -k
>>(sudo -k makes sudo prompt you for the password the next time it's run)
>>whenever a user executes a setuid 0 (in the kernel uid 0 is better than
>>mapping root to 0) program. This would make life with sudo miserable for
>>console junkies, but could be controlled with sysctl and/or /proc.
> What would be the point of this? It sounds unrelated to the window
> appearance, and the kernel has no business interacting with sudo.
It addresses the 'inherent weakness of the security model used by su and sudo'
and the piggybacking issue. As for the kernel interacting with sudo, that was
just an example (sorry for not being clear), the actual program and arguments it
runs could be configured by /proc. The idea is just that it would prevent
hijacking of benevolent password storing or authentication without checking
credentials. A better way to do it would probably to prevent sudo from saving
auth info.

Version: 3.1
GAT/CM$/CS>$/CC/IT$/M/S/O/U dpu s+:++ !a C++$>C+++$
UB+++>++++$L++++$*-- P+>++$ L+++(++++)$ E-(---) W+++>$ N(+) o? K-
w--(---) O? M V? PS++@ PE-@ Y+@ PGP++(+++)>$ t? 5? X? R tv--(-)
b++(+++)@ DI? D? G e->++++ h* r? z*

David Mandelberg
mandelbergd at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
Url :

More information about the ubuntu-devel mailing list