gksu-devel

Re: Improving gksu: lib, server, basic client


From: Gustavo Noronha Silva
Subject: Re: Improving gksu: lib, server, basic client
Date: Tue, 28 Oct 2003 12:43:43 -0200

On Mon, 27 Oct 2003 20:44:33 -0200, Allan Douglas <address@hidden> wrote:

> > Hau!
> !io

Yo!

> The problem is: keeping the plain password somewhere is a very bad thing, a 
> great security hole...
> Anyone can write a fake client and get the _plain password_. What 
> program/daemon/lib offers this "feature"?
> See sudo, it keeps the authorization for 15 minutes. But, it doesn't keep the 
> password, it makes a timestamp in /var/run/sudo and checks if it is updated, 
> if yes, sudo runs the command without prompting the user.
> Gksu can't do this. It is a frontend to su, and su doesn't keep the 
> authorization.

Not a problem, for me. As I stated before, that is extremely improbable.
A 'fake' client could be created through telnet, but the 'attacker' would
have to know how to get the Xauthorization token.

I don't see this as a problem.

> - Make Gksu a real su-like program, not only a frontend. (very bad idea, 
> reinventing the wheel...)

No, reinventing the wheel is bad =D

> - The daemon can open a "session" (calling su without the -c option) with su, 
> so we can execute many commands without prompting the user every time.

Not good, even... it would be even worse, I think. The 'attacker' would
not even have to know the password, he could 'cat /etc/shadow' using
gksu and boom!

> - Just don't keep the authentication.

No no no.

> - Your idea here

My idea is what I already said ;).

> If we, after considering all the possibilities, decide to keep the password, 
> the best thing is to create a file in a temp dir, with permission 0400, and then 
> store the password in it. Much simpler and more secure than a daemon.

I do not see how this can be more secure. Temporary files always
bring security concerns that could be avoided by a well-thought
daemon.

> > Well, I believe we can have that as an option, yes, what do you think?
> 
> Good...

Through which API?

> > I even believe that a daemon could help us achieve KISS, given our
> > goals.
> 
> I think I'll never understand that KISS...

Creating a temporary file is no KISS at all, IMO, I'd rather have a
daemon. Anyway, I think we should get down to business and code the
lib and basic client. We can think about this password keeping stuff
afterwards.

[]s!

-- 
address@hidden: Gustavo Noronha <http://people.debian.org/~kov>
Debian:  <http://www.debian.org>  *  <http://www.debian-br.org>
  "Don't leave for tomorrow the WML you can translate today!"
        http://debian-br.alioth.debian.org/?id=WebWML
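
The sudo behaviour quoted in the message above (a timestamp checked for freshness instead of a stored password) can be sketched as below. This is an added example, not code from gksu or sudo; the function names, the ticket layout and the specific validation checks are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <time.h>
#include <unistd.h>

#define TICKET_MAX_AGE (15 * 60) /* seconds: the 15 minutes quoted in the thread */

/* Record a successful authentication by creating or refreshing an empty
 * ticket. Only the mtime carries meaning; no password is ever written.
 * Assumption: the ticket directory is writable by the trusted user only. */
int ticket_touch(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;                 /* includes the case where path is a symlink */
    /* Force mode and mtime in case the file already existed. */
    int rc = (fchmod(fd, 0600) == 0 && futimens(fd, NULL) == 0) ? 0 : -1;
    close(fd);
    return rc;
}

/* Return 1 if the ticket shows a recent authentication by `owner`, else 0. */
int ticket_valid(const char *path, uid_t owner, time_t max_age)
{
    struct stat st;
    struct timespec now;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return 0;                  /* missing, unreadable, or a symlink */
    int ok = fstat(fd, &st) == 0 && clock_gettime(CLOCK_REALTIME, &now) == 0;
    close(fd);
    if (!ok)                              return 0;
    if (!S_ISREG(st.st_mode))             return 0; /* FIFO, device, directory */
    if (st.st_uid != owner)               return 0; /* planted by another user */
    if (st.st_mode & (S_IRWXG | S_IRWXO)) return 0; /* open to group or others */
    if (st.st_mtime > now.tv_sec)         return 0; /* future-dated ticket */
    return now.tv_sec - st.st_mtime <= max_age;
}
```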
