[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Improving gksu: lib, server, basic client
From: |
Gustavo Noronha Silva |
Subject: |
Re: Improving gksu: lib, server, basic client |
Date: |
Tue, 28 Oct 2003 12:43:43 -0200 |
Em Mon, 27 Oct 2003 20:44:33 -0200, Allan Douglas <address@hidden> escreveu:
> > Hau!
> !io
Yo!
> The problem is: keeping the plain password somewhere is a very bad thing, a
> great security hole...
> Anyone can write a fake client and get the _plain password_. What
> program/daemon/lib offers this "feature"?
> See sudo, it keeps the authorization for 15 minutes. But, it doesn't keep the
> password, it makes a timestamp in /var/run/sudo and check if it is updated,
> if yes, sudo runs the command without prompting the user.
> Gksu can't do this. It is a frontend to su, and su doesn't keep the
> authorization.
Not a problem, for me. As I stated before, that is extremely improbable.
A 'fake' client could be created through telnet, but the 'attacker' would
have to know how to get the Xauthorization token.
I don't see this as a problem.
> - Make Gksu a real su-like program, not only a frontend. (very bad idea,
> reinventar a roda...)
No, reinventing the wheel is bad =D
> - The daemon can open a "session" (calling su without the -c option) with su,
> so we can execute many commands without prompting the user every time.
Not good, even... it would be even worse, I think. The 'attacker' would
not even have to know the password, he could 'cat /etc/shadow' using
gksu and boom!
> - Just don't keep the authentication.
No no no.
> - Your idea here
My idea is what I already said ;).
> If we, after considering all the possibilities, decide to keep the password,
> the better is to create a file in a temp dir, with permission 0400, and then
> storing the password into it. Much more simple and secure than a daemon.
I do not see how this can be more secure. Temporary files always
bring security concerns that could be avoided by a well-thought
daemon.
> > Well, I believe we can have that as an option, yes, what do you think?
>
> Good...
Through which API?
> > I even believe that a daemon could help us achieve KISS, given our
> > goals.
>
> I think i'll never understand that KISS...
Creating a temporary file is no KISS at all, IMO, I'd rather have a
daemon. Anyway, I think we should get down to business and code the
lib and basic client. We can think about this password keeping stuff
afterwards.
[]s!
--
address@hidden: Gustavo Noronha <http://people.debian.org/~kov>
Debian: <http://www.debian.org> * <http://www.debian-br.org>
"Não deixe para amanhã, o WML que você pode traduzir hoje!"
http://debian-br.alioth.debian.org/?id=WebWML
- Improving gksu: lib, server, basic client, Gustavo Noronha Silva, 2003/10/21
- Re: Improving gksu: lib, server, basic client, Agney Lopes Roth Ferraz, 2003/10/22
- Re: Improving gksu: lib, server, basic client, Allan Douglas, 2003/10/24
- Re: Improving gksu: lib, server, basic client, Gustavo Noronha Silva, 2003/10/27
- Re: Improving gksu: lib, server, basic client, Allan Douglas, 2003/10/27
- Re: Improving gksu: lib, server, basic client,
Gustavo Noronha Silva <=
- Re: Improving gksu: lib, server, basic client, Allan Douglas, 2003/10/28
- Re: Improving gksu: lib, server, basic client, Paul Smith, 2003/10/29
- Re: Improving gksu: lib, server, basic client, Gustavo Noronha Silva, 2003/10/29