Sigh...did it again. meant to reply all.
---------- Forwarded message ----------
From: Zach <uid000@xxxxxxxxx>
Date: Jul 6, 2005 10:31 AM
Subject: Re: gksudo potentially very insecure
To: Eldo Varghese <poningru@xxxxxxx>
Sounds reasonable. There could be a right-click option that allows
you to (a) drop priveleges, and (b) configure a timeout period that
could be less than or equal to the administrator-defined timeout.
I think fedora currently has this. There is an icon that shows up in
the tray that indicates you're currently holding administrator
credentials. Of course they use gksu, not gksudo.
Also it's important to note the difference between gksudo and sudo.
Sudo priviledges are applicable only to the shell i which it is
invoked. A new shell does not benefit from an unexpired time-out
period in another shell. Gksudo, on the other hand necessarily leaves
the time-out period open to any other gksudo-invoked programs.
On 7/6/05, Eldo Varghese <poningru@xxxxxxx> wrote:
> Wouter Stomp wrote:
> >I just noticed today that when I start a program which asks for your
> >password in gnome (with gksudo) and then you start another program
> >which uses gksudo, you have no idea at all that you have root
> >priviliges and can do potentially harmful things. At the terminal, the
> >timeout setting for sudo is very useful. But then you are aware of
> >every command that uses sudo, as you have to type it everytime. But in
> >Gnome, in the second program you open you have no clue at all that you
> >are using it as a superuser. The simplest example in which things can
> >go wrong is the following:
> >1. User opens synaptic, which asks for his password
> >2. User wants to open a terminal, but instead he accidentily clicks on
> >root terminal, which doesn't ask for a password
> >3. Average user doesn't see the difference and doesn't notice 'root'
> >at the start of the prompt, and even if he did he most likely doesn't
> >know what it means.
> >4. And then anything can happen (rm -rf /* or whatever)
> >At the command line, typing sudo makes you aware you are doing
> >something that can be dangerous. In gnome it is having to type your
> >password what tells you you are doing potentially dangerous things.
> >When not asked for a password, there's no clue left.
> >The timeout setting is nice and handy, but I think it would be better
> >if you get asked for a password whenever you start a new program with
> >gksudo. The timout setting could still be useful when opening the same
> >program more than one time.
> >ps. should I file a bug about this? (couldn't find one) or is there a
> >reason for doing things this way?
> Hello all
> New to this Mailing List so please pardon any faux pas. With all this
> discussion about how to show the sudo status & the amount of time left,
> I was wondering why not put an Icon in the Notification Area that popped
> up and countsdown everytime you sudo, towards the end of the timeout
> (last 5 secs or something more appropriate) the icon flashes red every
> sec and beeps (in an unobtrusive way). Just an idea I am throwing out,
> please pick it apart.
> - Eldo
> ubuntu-devel mailing list
ubuntu-devel mailing list