Re Kubuntu 64bit, several issues
Matt Zimmerman
mdz at ubuntu.com
Sun Aug 14 15:03:31 CDT 2005
On Sun, Aug 14, 2005 at 08:54:52PM +0100, Tristan Wibberley wrote:
> Matt Zimmerman wrote:
> > No. Consider that if your user account is compromised, you can't even be
> > sure that you are running su or sudo, and not a trojan.
>
> That's what I was asking for in my original post, protection against
> that. The X server is started from a known place and I'd like to be able
> to force gnome-session or KDE from a known place, which will only start
> gnome-panel from a known place, which will only start gksu from a known
> place.
It isn't as simple as PATH. If someone has access to your user privileges,
they can manipulate any process running under your uid. You cannot protect
yourself from yourself.
> What would be nicer still is if terminal emulators and the X server could
> provide a different display when a known binary is asking for privileged
> information in a secure manner (a display that they cannot be asked to
> produce in any other way). So you can see at a glance if you are in a
> secure environment when you're prompted for your password.
This is a difficult problem (and one which has been discussed before on this
mailing list).
--
- mdz
More information about the ubuntu-devel
mailing list