On Monday 14 Jun 2010 12:52:30 Elazar Leibovich wrote:

> I think you're missing the very fundamental problem I was discussing.
> Sudo is great, having the default user in the admin group, enabling him to
> sudo everything is even better. But this applies only when working with the
> CLI.
> However, when using a GUI system, and administrating your system using the
> GUI, you're exposing the user to a great threat. When using the CLI no
> software can ask you for input, therefore if you sudo for anything it is
> definitely you who did that. It is very hard to trick the user into
> sudo'ing something he didn't want to.
>
> When the user is administrating his system through the GUI, he will sudo a
> legitimate software by typing his password. It is even worse than that -
> the legitimate software which needs to be sudo'd will ask (by means of the
> taskbar) from time to time the user to leverage its permission by typing a
> password.
> The authentication scheme the user employs in order to recognize who asked
> for permission is only the visual layout of the application. It is very
> easy for an attacker to make his software look like the update manager,
> and ask the user to update his software through the taskbar. If the casual
> user is used to typing his password every time the update manager asks him
> to update his system - he'll do that for hostile software which uses the
> update manager's icon as well. Even experienced users might be tricked, as
> you're having zero visual clue about the software identity.
>
That's why you should not install software that you should not trust. There's no escape from it. If you install such software as a normal user, it can easily tamper with your local user configuration and end up spying on you or getting your credentials - even as an underprivileged user on UNIX.

Regards,

Shlomi Fish

--
-----------------------------------------------------------------
Shlomi Fish       http://www.shlomifish.org/
Why I Love Perl - http://shlom.in/joy-of-perl

God considered inflicting XSLT as the tenth plague of Egypt, but then decided
against it because he thought it would be too evil.

Please reply to list if it's a mailing list post - http://shlom.in/reply .

_______________________________________________
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il