Re Kubuntu 64bit, several issues

Daniel Stone daniel at fooishbar.org
Sun Aug 14 09:44:50 CDT 2005


On Sun, Aug 14, 2005 at 11:30:49AM +0100, Tristan Wibberley wrote:
> Something I'm concerned about sudo, and this is relevant for su also. If
> my user account is compromised, an attacker that gets to run a program
> locally through, say, a zlib bug, could alias sudo to grab my password,
> unalias sudo, then fail. [...]

If someone has access to your account, then you've already lost.  They
can keylog everything, combined with a screenscrape to always be able
to see *exactly* what you're doing, they can insert in whatever they
like ... basically, if someone has your account, you're totally
screwed, and there's no way to prevent that.  They have effectively just
become you.



More information about the ubuntu-devel mailing list