Re: suid helper to verify own passwd
From: Christian Biere (christianbieregmx.de)
Date: Thu Dec 21 2006 - 21:36:02 CST
Thor Lancelot Simon wrote:
> On Fri, Dec 22, 2006 at 03:39:00AM +0100, Christian Biere wrote:
> > Matthias Drochner wrote:
> > > One can argue (as does Joerg) that such an attacker could
> > > listen to X11 events carrying the passwd as well, so there
> > > is no additional danger.
> > That's one reason why I prefer the console over X for certain things.
> You understand that an attacker with your UID can simply read from your
> tty, right, since it's a file you can open? Or, for that matter, from
> the memory image of your process, using ptrace. The X11 thing is really
> a red herring.
No, it's not a red herring. If I log into a remote host using X11, an
attacker can sniff all X events on the remote machine and possibly even
inject events into terminals I have open locally. That's why I don't like
mixing users under X and I don't use a window manager when logging into
a machine using X that I don't trust because that would potentially
allow the remote side to start xterm or whatever on my machine, etc. Of
course I have to trust my X server not to be exploitable this way.