Re Kubuntu 64bit, several issues
mdz at ubuntu.com
Sun Aug 14 12:28:29 CDT 2005
On Sun, Aug 14, 2005 at 06:05:44PM +0100, Tristan Wibberley wrote:
> Surely when running su and sudo, the console input is protected from

No. Consider that if your user account is compromised, you can't even be
sure that you are running su or sudo, and not a trojan.

> Otherwise there is little point to requiring proof that a user running
> sudo synaptic is the real user. That is the point of sudo, I can do my
> normal web browsing on my normal account and trust that an attacker can't
> screw the system (bugs in the kernel or setuid programs excepted), if this
> is not true administration shouldn't be available (or at least not
> recommended) through sudo, you should log out and log into an
> administration account that just has administration functions.

It is a tradeoff; if you prefer to administer your system this way, simply
set a root password and remove yourself from the admins group.

> Which makes me think of something else. The password caching of sudo is
> supposed to be safe because the user that typed the password is expected
> to still be nearby, which only helps when somebody is running sudo from
> the console - if the attacker is running programs over the network a
> cached password lets an attacker do stuff without anybody being able to
> tell and without anything to stop it.

That's why sudo (as configured by default in Ubuntu) only allows the cached
ticket to be used on the same terminal.

> > , combined with a screenscrape to always be able
> > to see *exactly* what you're doing, they can insert in whatever they
> > like ... basically, if someone has your account, you're totally
> > screwed, and there's no way to prevent that. They have effectively just
> > become you.
> I think that is a big bug. When I type my password at the console for
> sudo or su or gksu, it proves it is me at the keyboard, so input on that
> keyboard can be trusted for a while. That is very different from the
> attacker being me. So they are not the same, and logically something
> *could* be done about it.
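
The per-terminal ticket restriction mentioned in the reply corresponds to settings in sudoers. The following is an added example, not part of the original message and not code from sudo or Ubuntu: it reads sudoers text and reports whether the cached ticket is tied to one terminal and how long it lives. The sample fragments and the `audit_ticket_scope` helper are constructed for illustration; `tty_tickets`, `timestamp_timeout` and (in newer sudo releases) `timestamp_type` are existing sudoers options.

```python
import re

# Constructed sample sudoers fragments (not taken from the thread).
PER_TTY = "Defaults env_reset\nDefaults tty_tickets, timestamp_timeout=15\n%admin ALL=(ALL) ALL\n"
SHARED = "Defaults env_reset\nDefaults !tty_tickets\nDefaults timestamp_timeout=-1\n%admin ALL=(ALL) ALL\n"

# One Defaults item: optional "!", a name, optional =value (possibly quoted).
SETTING = re.compile(r'^(!?)\s*(\w+)\s*(?:=\s*"?([^"]*)"?)?$')

def audit_ticket_scope(sudoers_text, default_scope="unset"):
    """Report how sudo's cached credential is scoped and how long it lives.

    Simplifications (assumptions of this example): only global `Defaults`
    lines are read, includes are not followed, and settings are split on
    commas. `default_scope` stands in for the build default, which differs
    between sudo versions and distributions.
    """
    scope, timeout = default_scope, None
    for raw in sudoers_text.splitlines():
        line = raw.strip()
        if not re.match(r"Defaults\s", line):
            continue  # skips comments, rules, Defaults:user and Defaults@host
        for item in line[len("Defaults"):].split(","):
            m = SETTING.match(item.strip())
            if not m:
                continue  # e.g. list operators such as env_keep += "..."
            negated, name, value = m.group(1) == "!", m.group(2), m.group(3)
            if name == "tty_tickets":
                scope = "global" if negated else "tty"
            elif name == "timestamp_type" and value:
                scope = value.strip()
            elif name == "timestamp_timeout" and value:
                timeout = float(value)  # minutes; later lines override earlier
    findings = []
    if timeout == 0:
        findings.append("no caching: sudo prompts every time")
    else:
        if scope == "global":
            findings.append("ticket is shared by all of the user's terminals")
        if timeout is not None and timeout < 0:
            findings.append("ticket never expires")
    return {"scope": scope, "timeout_minutes": timeout, "findings": findings}
```

A result of `"unset"` means the file does not decide the scope, so the effective behaviour is whatever the installed sudo was built with.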