Re: GNOME privilege library

From: Xavier Bestel <xavier bestel free fr>
To: Sean Middleditch <elanthis awesomeplay com>
Cc: Desktop Devel <desktop-devel-list gnome org>
Subject: Re: GNOME privilege library
Date: Thu, 13 Jan 2005 19:33:05 +0100

Le jeudi 13 janvier 2005 à 13:06 -0500, Sean Middleditch a écrit :
> On Thu, 2005-01-13 at 18:55 +0100, Xavier Bestel wrote:
> > Le jeudi 13 janvier 2005 à 12:48 -0500, Sean Middleditch a écrit :
> > > No.  In order to start any of these with privileges, you need a
> > > privileged helper program - i.e., setuid.  LD_PRELOAD is disabled for
> > > setuid binaries.
> > 
> > What I meant is, ~/Downloads/random-trojan can start
> > LD_PRELOAD=/tmp/trojan-crafted-lib.so /usr/bin/gnome-procman
> > and then executes itself with procman's name.
> 
> And how would that in anyway let the trojan invoke the backends with
> privileges?  The setuid helper would be responsible for determining that
> its parent (who launched it) is allowed to execute the target backend,
> perhaps using the infromation in /proc (on Linux).

Yes, that means you want to forbid applications that don't use only
system libraries (i.e. from /usr/lib or /lib), so:
- no custom libs from LD_LIBRARY_PATH
- no custom theme engine
- the application isn't allowed to load custom plugins

which all makes sense (no running of user code), but it is very
inconvenient. Maybe it's better to just be sure that the suid helper is
safe to be called by anyone.

	Xav

Follow-Ups:
- Re: GNOME privilege library
  - From: Sean Middleditch

References:
- GNOME privilege library
  - From: Sean Middleditch
- Re: GNOME privilege library
  - From: Xavier Bestel
- Re: GNOME privilege library
  - From: Sean Middleditch
- Re: GNOME privilege library
  - From: Xavier Bestel
- Re: GNOME privilege library
  - From: Sean Middleditch

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]