On 2020-02-23 22:10, marc wrote:
> If I understand you correctly, you propose a simple gtk
> program that is setuid (so that it can read /etc/shadow, and
> grant root privileges). The problem is that there is no such
> thing as a simple gtk program. This is not comment limited to
> gtk programs
Hi,
On 23/2/20 23:10, marc wrote:
You should never send an unencrypted password over a shell or pipe.
So in the case of the former (using the shell, via echo or an
environment variable) you are correct. Those show up in process
listings...
I am not so sure about the second part, the bit about
Hi Tito,
On 23/2/20 17:02, Tito via Dng wrote:
Why use 2 binaries rather than one, more programs, more code, more
communication in between them equals to more attack surface.
I would stay with just one suid binary, more so if you want to go the
su-only route.
I'll answer to this question in mor
On 2/23/20 11:10 PM, marc wrote:
You should never send an unencrypted password over a shell or pipe.
So in the case of the former (using the shell, via echo or an
environment variable) you are correct. Those show up in process
listings...
I am not so sure about the second part, the bit about n
> >>You should never send an unencrypted password over a shell or pipe.
So in the case of the former (using the shell, via echo or an
environment variable) you are correct. Those show up in process
listings...
I am not so sure about the second part, the bit about not passing
confidential informa
Hi again Tito,
On 23/2/20 17:02, Tito via Dng wrote:
On 2/23/20 4:22 PM, Aitor wrote:
Hi Tito,
On 23/2/20 14:15, Tito via Dng wrote:
On 2/23/20 1:54 PM, Aitor wrote:
Hi,
On 23/2/20 13:17, Aitor wrote:
The binary won't be suid, but rather it'll receive the root
password through the mentione
On 2/23/20 4:22 PM, Aitor wrote:
Hi Tito,
On 23/2/20 14:15, Tito via Dng wrote:
On 2/23/20 1:54 PM, Aitor wrote:
Hi,
On 23/2/20 13:17, Aitor wrote:
The binary won't be suid, but rather it'll receive the root password through
the mentioned unix socket using internally (sudo | su) afterward
On 23/2/20 16:22, Aitor wrote:
- To have a look at the code of ssh-askpass, suggested by Didier Krin,
whose dialog frame is useful only for X11 and not for wayland.
Kryn :)
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-b
Hi Tito,
On 23/2/20 14:15, Tito via Dng wrote:
On 2/23/20 1:54 PM, Aitor wrote:
Hi,
On 23/2/20 13:17, Aitor wrote:
The binary won't be suid, but rather it'll receive the root password
through the mentioned unix socket using internally (sudo | su)
afterwards.
As simple as that:
system( "ec
On 2/23/20 1:54 PM, Aitor wrote:
Hi,
On 23/2/20 13:17, Aitor wrote:
The binary won't be suid, but rather it'll receive the root password through
the mentioned unix socket using internally (sudo | su) afterwards.
As simple as that:
system( "echo | sudo -S ");
I tested my first draft and
Hi,
On 23/2/20 13:17, Aitor wrote:
The binary won't be suid, but rather it'll receive the root password
through the mentioned unix socket using internally (sudo | su) afterwards.
As simple as that:
system( "echo | sudo -S ");
I tested my first draft and it works. Do it simple, isn't it?
Ai
Hi Tito,
On 23/2/20 13:19, Tito via Dng wrote:
Hi,
please don't restrict it, make it a universally usable tool.
Ok :)
Why using a socket maybe KISS?
For inspiration you can take a look at:
https://git.busybox.net/busybox/tree/loginutils/su.c
this is tested and widely used code.
Thanks fo
Hi,
On 23/2/20 13:23, Aitor wrote:
Hi Tom,
On 23/2/20 13:21, tom wrote:
What happens when a password isn't need, such as when a sudo policy is
set?
Are you referring to the sudo | su duality?
Aitor.
If so, the application might check the sudo permissions of the current
user, reading the
Hi Tom,
On 23/2/20 13:21, tom wrote:
What happens when a password isn't need, such as when a sudo policy is
set?
Are you referring to the sudo | su duality?
Aitor.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailm
On Sun, 23 Feb 2020 13:17:21 +0100
Aitor wrote:
> Hi,
>
> On 23/2/20 12:34, Aitor wrote:
> >
> > Hi Steve,
> >
> > On 21/2/20 21:57, Steve Litt wrote:
> >> Will it work even if I'm not using lxqt? Does it stand alone?
> >>
> >> SteveT
> > I've just started developing a replacement for gksu in
On 2/23/20 12:34 PM, Aitor wrote:
Hi Steve,
On 21/2/20 21:57, Steve Litt wrote:
Will it work even if I'm not using lxqt? Does it stand alone?
SteveT
I've just started developing a replacement for gksu in gtk2 following the same
method used in simple-netaid,
that is: a suid binary receivi
Hi,
On 23/2/20 12:34, Aitor wrote:
Hi Steve,
On 21/2/20 21:57, Steve Litt wrote:
Will it work even if I'm not using lxqt? Does it stand alone?
SteveT
I've just started developing a replacement for gksu in gtk2 following
the same method used in simple-netaid,
that is: a suid binary receivi
Hi Steve,
On 21/2/20 21:57, Steve Litt wrote:
Will it work even if I'm not using lxqt? Does it stand alone?
SteveT
I've just started developing a replacement for gksu in gtk2 following
the same method used in simple-netaid,
that is: a suid binary receiving the password through an unix socket
18 matches
Mail list logo
