Re Kubuntu 64bit, several issues
lathiat at bur.st
Sun Aug 14 12:23:47 CDT 2005
Tristan Wibberley wrote:
>Daniel Stone wrote:
>>On Sun, Aug 14, 2005 at 11:30:49AM +0100, Tristan Wibberley wrote:
>>>Something I'm concerned about sudo, and this is relevant for su also. If
>>>my user account is compromised, an attacker that gets to run a program
>>>locally through, say, a zlib bug, could alias sudo to grab my password,
>>>unalias sudo, then fail. [...]
>>If someone has access to your account, then you've already lost. They
>>can keylog everything.
>Surely when running su and sudo, the console input is protected from
>keylogging? Otherwise there is little point to requiring proof that a
Yes they are, but it doesn't mean you can't do 29438120948124 other
things, like putting fake programs in, etc.
As daniel said, you've already lost.
>user running sudo synaptic is the real user. That is the point of sudo,
>I can do my normal web browsing on my normal account and trust that an
>attacker can't screw the system (bugs in the kernel or setuid programs
>excepted), if this is not true administration shouldn't be available (or
>at least not recommended) through sudo, you should log out and log into
>an administration account that just has administration functions. Which
>makes me think of something else. The password caching of sudo is
>supposed to be safe because the user that typed the password is expected
>to still be nearby, which only helps when somebody is running sudo from
>the console - if the attacker is running programs over the network a
>cached password lets an attacker do stuff without anybody being able to
>tell and without anything to stop it.
The sudo authentication password caching is per-tty, so if they login
remotely it doesn't count.
>>, combined with a screenscrape to always be able
>>to see *exactly* what you're doing, they can insert in whatever they
>>like ... basically, if someone has your account, you're totally
>>screwed, and there's no way to prevent that. They have effectively just
>I think that is a big bug. When I type my password at the console for
>sudo or su or gksu, it proves it is me at the keyboard, so input on that
>keyboard can be trusted for a while. That is very different from the
>attacker being me. So they are not the same, and logically something
>*could* be done about it.
It only proves that when you type the password no one else could sniff it.
More information about the ubuntu-devel