Author: Tito
Date:  
To: dng
Subject: Re: [DNG] why is polkit needed? dropin replacement


On 2/23/20 1:54 PM, Aitor wrote:
> Hi,
>
> On 23/2/20 13:17, Aitor wrote:
>> The binary won't be suid, but rather it'll receive the root password through the mentioned unix socket using internally (sudo | su) afterwards.
>
> As simple as that:
>
> system( "echo <password> | sudo -S <application_name>");
>
> I tested my first draft and it works. Do it simple, isn't it?
>
> Aitor.
>

Hi,

This looks dangerous, isn't the password readable unencrypted in e.g. /proc?
You should never send an unencrypted password over a shell or pipe.
Usually the password, as soon as it is inputted, is encrypted with the correct cipher
for the system and the buffer is zeroed, then the encrypted password is compared
to what is in /etc/shadow or /etc/password or handled in whatever way is deemed fit.
I suggest you handle the passwords and the command and args to be run in your program.
This way:
1) the password stays unencrypted for the shortest time
2) you have control and you can vet the env, program and args that are run.

Hope this helps.

Ciao,
Tito
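
The two points in the reply above, sketched in C as an added example (not code from this thread or from any project discussed in it): the cleartext buffer is wiped as soon as it has been checked, and the program, arguments and environment are vetted before a direct `execve()`, with no shell and no password on a command line. It assumes the helper already runs with the privileges it needs; `ALLOWED`, `CLEAN_ENV`, the argument policy and `demo_verify` are hypothetical stand-ins.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
/* Hypothetical allowlist of absolute paths this helper may run as root. */
static const char *const ALLOWED[] = { "/usr/sbin/gparted", "/usr/bin/synaptic", NULL };
/* Fixed environment for the child; nothing is inherited from the caller. */
static char *const CLEAN_ENV[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", "LANG=C", NULL };
typedef int (*verify_fn)(const char *password);   /* returns 1 if the password is right */

/* Zero a secret through a volatile pointer so the stores are not optimised away. */
static void wipe(char *buf, size_t len) {
    for (volatile char *p = buf; len--; p++) *p = 0;
}

/* Return the allowlist entry equal to prog, or NULL. Exact match only. */
static const char *vet_program(const char *prog) {
    for (size_t i = 0; prog && ALLOWED[i]; i++)
        if (strcmp(prog, ALLOWED[i]) == 0) return ALLOWED[i];
    return NULL;
}

/* Example policy: at most 8 arguments, each under 256 bytes, no control characters. */
static int vet_args(char *const argv[]) {
    size_t n = 0;
    for (; argv[n]; n++) {
        if (n >= 8 || strlen(argv[n]) >= 256) return 0;
        for (const unsigned char *c = (const unsigned char *)argv[n]; *c; c++)
            if (*c < 0x20 || *c == 0x7f) return 0;
    }
    return n > 0;   /* argv[0] must be present */
}

/* Verify, wipe the cleartext at once, then vet the request. Returns the path to exec or NULL. */
static const char *authorize(char *pw, size_t pwlen, verify_fn verify,
                             const char *prog, char *const argv[]) {
    int ok = verify(pw);
    wipe(pw, pwlen);
    return (ok == 1 && vet_args(argv)) ? vet_program(prog) : NULL;
}

/* Constructed stand-in; a real helper would call PAM or crypt(3) against the shadow entry. */
static int demo_verify(const char *pw) { return strcmp(pw, "constructed-demo-pw") == 0; }
int main(void) {
    char pw[64] = "constructed-demo-pw";   /* constructed; would be read from the unix socket */
    char *args[] = { "gparted", "/dev/sdb", NULL };
    const char *path = authorize(pw, sizeof pw, demo_verify, "/usr/sbin/gparted", args);
    if (!path) { fputs("request refused\n", stderr); return 1; }
    execve(path, args, CLEAN_ENV);   /* direct exec: no shell, no password in any argv */
    perror("execve"); return 127;
}
```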