Re Kubuntu 64bit, several issues

Trent Lloyd lathiat at bur.st
Sun Aug 14 12:23:47 CDT 2005


Tristan Wibberley wrote:

>Daniel Stone wrote:
>
>>On Sun, Aug 14, 2005 at 11:30:49AM +0100, Tristan Wibberley wrote:
>>
>>>Something I'm concerned about sudo, and this is relevant for su also. If
>>>my user account is compromised, an attacker that gets to run a program
>>>locally through, say, a zlib bug, could alias sudo to grab my password,
>>>unalias sudo, then fail. [...]
>>>
>>If someone has access to your account, then you've already lost.  They
>>can keylog everything.
>
>Surely when running su and sudo, the console input is protected from
>keylogging? Otherwise there is little point to requiring proof that a
>
Yes they are, but it doesn't mean you can't do 29438120948124 other
things, like putting fake programs in, etc.
As Daniel said, you've already lost.

>user running sudo synaptic is the real user. That is the point of sudo,
>I can do my normal web browsing on my normal account and trust that an
>attacker can't screw the system (bugs in the kernel or setuid programs
>excepted), if this is not true administration shouldn't be available (or
>at least not recommended) through sudo, you should log out and log into
>an administration account that just has administration functions. Which
>makes me think of something else. The password caching of sudo is
>supposed to be safe because the user that typed the password is expected
>to still be nearby, which only helps when somebody is running sudo from
>the console - if the attacker is running programs over the network a
>cached password lets an attacker do stuff without anybody being able to
>tell and without anything to stop it.
>
The sudo authentication password caching is per-tty, so if they log in
remotely it doesn't count.

>>, combined with a screenscrape to always be able
>>to see *exactly* what you're doing, they can insert in whatever they
>>like ... basically, if someone has your account, you're totally
>>screwed, and there's no way to prevent that.  They have effectively just
>>become you.
>
>I think that is a big bug. When I type my password at the console for
>sudo or su or gksu, it proves it is me at the keyboard, so input on that
>keyboard can be trusted for a while. That is very different from the
>attacker being me. So they are not the same, and logically something
>*could* be done about it.
>
It only proves that when you type the password no one else could sniff it.

Trent



More information about the ubuntu-devel mailing list