Re: GNOME privilege library

From: Sean Middleditch <elanthis awesomeplay com>
To: Xavier Bestel <xavier bestel free fr>
Cc: Desktop Devel <desktop-devel-list gnome org>
Subject: Re: GNOME privilege library
Date: Thu, 13 Jan 2005 13:06:11 -0500

On Thu, 2005-01-13 at 18:55 +0100, Xavier Bestel wrote:
> Le jeudi 13 janvier 2005 à 12:48 -0500, Sean Middleditch a écrit :
> > No.  In order to start any of these with privileges, you need a
> > privileged helper program - i.e., setuid.  LD_PRELOAD is disabled for
> > setuid binaries.
> 
> What I meant is, ~/Downloads/random-trojan can start
> LD_PRELOAD=/tmp/trojan-crafted-lib.so /usr/bin/gnome-procman
> and then executes itself with procman's name.

And how would that in anyway let the trojan invoke the backends with
privileges?  The setuid helper would be responsible for determining that
its parent (who launched it) is allowed to execute the target backend,
perhaps using the infromation in /proc (on Linux).

Or, as Mike said, if D-BUS is chosen as the backend, the security system
in D-BUS can be used.  (Which basically does the above, albeit more
portably.)

Follow-Ups:
- Re: GNOME privilege library
  - From: Xavier Bestel

References:
- GNOME privilege library
  - From: Sean Middleditch
- Re: GNOME privilege library
  - From: Xavier Bestel
- Re: GNOME privilege library
  - From: Sean Middleditch
- Re: GNOME privilege library
  - From: Xavier Bestel

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]