Re Kubuntu 64bit, several issues

Tristan Wibberley maihem at maihem.org
Sun Aug 14 12:05:44 CDT 2005


Daniel Stone wrote:
> On Sun, Aug 14, 2005 at 11:30:49AM +0100, Tristan Wibberley wrote:
> 
>>Something I'm concerned about sudo, and this is relevant for su also. If
>>my user account is compromised, an attacker that gets to run a program
>>locally through, say, a zlib bug, could alias sudo to grab my password,
>>unalias sudo, then fail. [...]
> 
> 
> If someone has access to your account, then you've already lost.  They
> can keylog everything.

Surely when running su and sudo, the console input is protected from
keylogging? Otherwise there is little point to requiring proof that a
user running sudo synaptic is the real user. That is the point of sudo:
I can do my normal web browsing on my normal account and trust that an
attacker can't screw the system (bugs in the kernel or setuid programs
excepted). If this is not true, administration shouldn't be available (or
at least not recommended) through sudo; you should log out and log into
an administration account that just has administration functions. Which
makes me think of something else. The password caching of sudo is
supposed to be safe because the user that typed the password is expected
to still be nearby, which only helps when somebody is running sudo from
the console - if the attacker is running programs over the network a
cached password lets an attacker do stuff without anybody being able to
tell and without anything to stop it.

> , combined with a screenscrape to always be able
> to see *exactly* what you're doing, they can insert in whatever they
> like ... basically, if someone has your account, you're totally
> screwed, and there's no way to prevent that.  They have effectively just
> become you.

I think that is a big bug. When I type my password at the console for
sudo or su or gksu, it proves it is me at the keyboard, so input on that
keyboard can be trusted for a while. That is very different from the
attacker being me. So they are not the same, and logically something
*could* be done about it.

-- 
Tristan Wibberley

Opinions expressed are my own and do not necessarily coincide with those
of my employer, etc.
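
The sudo-shadowing scenario raised in this thread can be checked from the defender's side by asking the shell how it would resolve the command before a password is typed. This is an added example, not part of the original message or of sudo; the names resolve_kind, audit_cmd and the TRUSTED_DIRS list are assumptions.

```shell
#!/bin/sh
# Added example: report how the current shell would resolve a privileged command.
# TRUSTED_DIRS is an assumption; set it to where your distribution installs sudo/su.
TRUSTED_DIRS="${TRUSTED_DIRS:-/bin:/sbin:/usr/bin:/usr/sbin}"

# Print "missing", "shadowed" (alias, function, builtin or keyword) or "file:<path>".
resolve_kind() {
    r=$(command -v "$1" 2>/dev/null) || { echo missing; return; }
    case $r in
        /*) echo "file:$r" ;;   # resolved through PATH to an absolute path
        *)  echo shadowed ;;    # anything else is answered by the shell itself
    esac
}

# Return 0 if the command is a file in a trusted directory,
# 1 if it is shadowed or found elsewhere on PATH, 2 if it is not found.
audit_cmd() {
    kind=$(resolve_kind "$1")
    case $kind in
        file:*)
            path=${kind#file:}
            dir=$(dirname "$path")
            case ":$TRUSTED_DIRS:" in
                *":$dir:"*) echo "ok: $1 -> $path"; return 0 ;;
            esac
            echo "WARN: $1 resolves outside trusted dirs: $path"
            return 1 ;;
        missing)
            echo "note: $1 not found"
            return 2 ;;
        *)
            echo "WARN: $1 is shadowed by an alias, function or builtin"
            return 1 ;;
    esac
}

# Check the two commands discussed in the thread.
for c in sudo su; do
    audit_cmd "$c" || true
done
```

Source the file into the interactive shell you want to inspect; run as a separate script it sees only PATH, not that shell's aliases and functions.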
