Re: GNOME and superuser (privilege raising) integration

From: Sriram Ramkrishna <sri aracnet com>
To: Hongli Lai <h lai chello nl>
Cc: Philip Van Hoof <spam freax org>, desktop-devel-list gnome org
Subject: Re: GNOME and superuser (privilege raising) integration
Date: Tue, 13 May 2003 13:27:35 -0700

On Tue, May 13, 2003 at 10:05:28PM +0200, Hongli Lai wrote:
> On Tuesday 13 May 2003 21:23, Philip Van Hoof wrote:
> 
> 
> > The best way is to use a SUID-root non-Gtk+
> > application in stead of passing the password to "su" using a
> > terminal-widget. However, some people dislike the idea of having
> > _another_ SUID-root application and like the idea of using the standard
> > "su" -or "sudo" command for this purpose. (Problem: su and sudo require
> > a terminal for typing in the password -you cannot use a pipe for this-).
> > Faking a terminal-widget might introduce security-issues.
> 
> How is it less secure than opening gnome-terminal, typing 'su' and typing in 
> your password manually using the keyboard?
> 

FWIW at work we implemented a way to be able to use AFS admin tokens
on demand for certain apps without typing a password.  It required
a daemon that held the admin token and we then we created a sort
of admin frontend that allows us to do various things on AFS and it
would get the admin token from the daemon using an encrypted pipe.
(I'm sketchy on the details..but if people are interested I could
research further)  The mechanism wasn't that hard to port.  We
started on solaris and moved to linux.

You could in the same vein to create such a daemon that would feed
the root password on demand using an encrypted stream.  Just an idea.

sri

References:
- GNOME and superuser (privilege raising) integration
  - From: Hongli Lai
- Re: GNOME and superuser (privilege raising) integration
  - From: Philip Van Hoof
- Re: GNOME and superuser (privilege raising) integration
  - From: Hongli Lai

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]