[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Improving gksu: lib, server, basic client
From: |
Allan Douglas |
Subject: |
Re: Improving gksu: lib, server, basic client |
Date: |
Mon, 27 Oct 2003 20:44:33 -0200 |
> Hau!
!io
> > We really need a daemon?
>
> Well, no, we need a way to keep the authorization for a small amount
> of time. What do you propose?
The problem is: keeping the plain password somewhere is a very bad thing, a
great security hole...
Anyone can write a fake client and get the _plain password_. What
program/daemon/lib offers this "feature"?
See sudo, it keeps the authorization for 15 minutes. But, it doesn't keep the
password, it makes a timestamp in /var/run/sudo and check if it is updated, if
yes, sudo runs the command without prompting the user.
Gksu can't do this. It is a frontend to su, and su doesn't keep the
authorization.
What we can do?
- Make Gksu a real su-like program, not only a frontend. (very bad idea,
reinventar a roda...)
- The daemon can open a "session" (calling su without the -c option) with su,
so we can execute many commands without prompting the user every time.
- Just don't keep the authentication.
- Your idea here
If we, after considering all the possibilities, decide to keep the password,
the better is to create a file in a temp dir, with permission 0400, and then
storing the password into it. Much more simple and secure than a daemon.
> > Will be possible to utilize the lib without executing the daemon?
>
> Well, I believe we can have that as an option, yes, what do you think?
Good...
> > We really need a daemon? And the KISS principle...?
>
> I even believe that a daemon could help us achieve KISS, given our
> goals.
I think i'll never understand that KISS...
[]'s
- Improving gksu: lib, server, basic client, Gustavo Noronha Silva, 2003/10/21
- Re: Improving gksu: lib, server, basic client, Agney Lopes Roth Ferraz, 2003/10/22
- Re: Improving gksu: lib, server, basic client, Allan Douglas, 2003/10/24
- Re: Improving gksu: lib, server, basic client, Gustavo Noronha Silva, 2003/10/27
- Re: Improving gksu: lib, server, basic client,
Allan Douglas <=
- Re: Improving gksu: lib, server, basic client, Gustavo Noronha Silva, 2003/10/28
- Re: Improving gksu: lib, server, basic client, Allan Douglas, 2003/10/28
- Re: Improving gksu: lib, server, basic client, Paul Smith, 2003/10/29
- Re: Improving gksu: lib, server, basic client, Gustavo Noronha Silva, 2003/10/29