:: Re: [DNG] why is polkit needed? dro…
Author: Aitor
Date:
To: dng
Subject: Re: [DNG] why is polkit needed? dropin replacement
Hi Tito,

On 23/2/20 14:15, Tito via Dng wrote:
> On 2/23/20 1:54 PM, Aitor wrote:
>> Hi,
>>
>> On 23/2/20 13:17, Aitor wrote:
>>> The binary won't be suid, but rather it'll receive the root password
>>> through the mentioned unix socket using internally (sudo | su)
>>> afterwards.
>>
>> As simple as that:
>>
>> system( "echo <password> | sudo -S <application_name>");
>>
>> I tested my first draft and it works. Do it simple, isn't it?
>>
>> Aitor.
>>
> Hi,
>
> this looks dangerous, isn't the password readable unencrypted in e.g. /proc?
> You should never send an unencrypted password over a shell or pipe.
> Usually the password, as soon as it is inputted, is encrypted with the
> correct cipher for the system and the buffer is zeroed, then the encrypted
> password is compared to what is in /etc/shadow or /etc/password or handled
> in the way that is deemed fit.
> I suggest you handle the passwords and the command and args to be run in
> your program.
> This way:
> 1) password stays unencrypted for the shortest time
> 2) you have control and you can vet the env, program and args that are run.
>
> Hope this helps.
>
> Ciao,
> Tito


Thanks for the info, I know... Some people ripped me to shreds in the
IRC channel some years ago, when I started working on the backend of
simple-netaid.

This is only for testing the first part of the project. I have two ideas
for the second part:

- To have a look at the code of ssh-askpass, suggested by Didier Krin,
whose dialog frame is useful only for X11 and not for Wayland.

- To emulate keypress events in C code afterwards, according to the
received password.

On the other hand, what do you think about the suid receiving the
password through the socket, staying the file descriptor for the
shortest time? I assume it is encrypted.

Thanks in advance,

Aitor.
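
Added example, not code from this thread or from simple-netaid: with `system("echo <password> | ...")` the whole string becomes an argument of `sh -c` and is readable in that shell's `/proc/<pid>/cmdline`. The sketch below follows the points raised in the quoted reply (no shell, vetted program, args and env, plaintext wiped as early as possible) by writing the secret to the child's stdin through a pipe. The name `run_with_secret_on_stdin` is hypothetical, and `main` uses `/bin/sh` as a constructed stand-in for the privileged helper.

```c
#include <signal.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Overwrite a secret; the volatile pointer keeps the store from being optimised away. */
static void wipe(void *buf, size_t len) {
    volatile unsigned char *p = buf;
    while (len--) *p++ = 0;
}

/* Run argv[0] (absolute path, no shell) with a fixed environment and send
 * `secret` plus a newline to its stdin through a pipe, so the secret never
 * appears on a command line. Wipes the caller's buffer. Returns the child's
 * exit status, or -1 on error. */
int run_with_secret_on_stdin(char *const argv[], char *secret, size_t len) {
    static char *const clean_env[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };
    int fds[2], status, ok;
    pid_t pid;

    if (pipe(fds) != 0) { wipe(secret, len); return -1; }
    pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); wipe(secret, len); return -1; }
    if (pid == 0) {                          /* child */
        close(fds[1]);
        if (fds[0] != STDIN_FILENO) {        /* pipe read end becomes stdin */
            if (dup2(fds[0], STDIN_FILENO) < 0) _exit(127);
            close(fds[0]);
        }
        execve(argv[0], argv, clean_env);    /* vetted program, args and env */
        _exit(127);
    }
    close(fds[0]);
    signal(SIGPIPE, SIG_IGN);   /* process-wide: child may exit before reading */
    ok = write(fds[1], secret, len) == (ssize_t)len && write(fds[1], "\n", 1) == 1;
    close(fds[1]);
    wipe(secret, len);                       /* plaintext lifetime ends here */
    if (waitpid(pid, &status, 0) < 0 || !ok) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    /* Constructed stand-in for the privileged helper: succeeds only if stdin
     * carries the expected line. */
    char pw[] = "constructed-pass";
    char *const argv[] = { "/bin/sh", "-c", "IFS= read -r p; [ \"$p\" = constructed-pass ]", NULL };
    return run_with_secret_on_stdin(argv, pw, strlen(pw));
}
```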