sudo security concerns ?
Scott James Remnant
scott at netsplit.com
Thu Nov 25 23:58:31 CST 2004
On Thu, 2004-11-25 at 20:00 -0800, Karl Hegbloom wrote:
> Can a program or script running under my own UID monitor keystrokes and
> learn my sudo password?
>
Sure, also if you run a root shell inside a terminal running as your own
UID then if your account is compromised they can inject key-strokes into
it and do things as root.
Ever read Terry Pratchett? If so you know that whenever Wizards use
magic, the evil beings from the Dungeon Dimensions appear and try to
break into our world ... It's like that every time you "become root",
you open up a doorway to evil.
Scott
--
Have you ever, ever felt like this?
Had strange things happen? Are you going round the twist?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.ubuntu.com/archives/ubuntu-devel/attachments/20041126/174bd2cd/attachment.pgp
More information about the ubuntu-devel
mailing list