search.internet.com

Become a Marketplace Partner internet.commerce Be a Commerce Partner Linux Today Enterprise Linux Today Apache Today JustLinux.com Linux Planet PHPBuilder All Linux Devices Technology Jobs LinuxToday Newsletters Subscribe News Subscribe PR Subscribe Security internet.com IT Developer Internet News Small Business Personal Technology Search internet.com Advertise Corporate Info Newsletters Tech Jobs E-mail Offers

Current Newswire: Installing Ubuntu 9.10 Hands-on: OpenMoko WikiReader is simple, appealing Perl far from dead, more popular than you think Microsoft Exchange alternatives Kubuntu 9.10: A Mixed Bag Could Microsoft switch to Linux? Red Hat Virtualization Manager for Windows Only? Creating Ebooks with Sigil Editor's Note: Making Multi-Channel Firewire Music With Linux Amaya: A Simple, Yet Useful Alternative to Dreamweaver Server Support Specialist I The Computer Merchant, Ltd US-OK-Oklahoma City Post A Job | Post A Resume By design security issues with linux default limited accounts (Ubuntu's sudo is not secure) Jul 18, 2009, 15 :05 UTC (10 Talkback[s]) (6260 reads) [ Thanks to Mihai Varzaru for this link. ] "1. The problem In Ubuntu gksu and sudo can be hijacked by an attacker who already has access to the current non-administrative account. In order to do that you can simply create a bin directory in your home folder, add that directory to PATH and create in it the scripts: gksu and sudo. The scripts would silently run any application the attacker wants with root privileges and start the application you wanted to start in the first place so that you won’t notice a thing. "So, after the attacker application (got on a website with a firefox bug for example) gets access to your limited account all it has to do in order to get root access is the above and wait for you run something with administrative rights (like synaptic from the menu; at some point even the updater which runs automatically was calling gksu with a relative path)." Complete Story Related Stories: 10 Expert Ubuntu Tricks(Apr 14, 2009) Master Your Linux Keyboard (And Fix Caps Lock Forever)(Jul 10, 2007) What Happens When You Run "sudo rm -rf /" (video)(Apr 10, 2009) Running Complex Commands with sudo(Apr 03, 2009) Stop Telling sudo Your Password(Mar 21, 2009) sudo: Running a Command with root Privileges(Dec 27, 2008) sudo, or Not sudo: That is the Question(Feb 10, 2008) Running Firefox as Another User, Using sudo(Apr 24, 2007) PolishLinux: Sudo FAQ(Feb 27, 2007) Linux.com: CLI Magic: sudo Voodoo(Nov 08, 2005) Index Mode   |   Flat Mode   |   Thread Mode   |   Thread Flat     Talkback(s) Name  and Date   Step by step    Brandioch Conner Jul 19, 2009, 00:40:19     Sudo only for home users    Stomfi Jul 19, 2009, 01:03:52     Wrong    Richard Steven Hack Jul 19, 2009, 03:28:24     Re: Wrong    Pierre Lemay Jul 19, 2009, 04:34:05     Finer grained privilege    Yim Jul 19, 2009, 08:29:07     Re: Step by step    jpw Jul 19, 2009, 17:59:48     Re: Step by step    daglan Jul 19, 2009, 19:08:33     Re: Re: Step by step    DDahl Jul 20, 2009, 00:11:55     Re: Re: Re: Step by step    daglan Jul 20, 2009, 06:31:26     Re: Re: Re: Re: Step by step    DDahl Jul 20, 2009, 21:19:57     Home | Search Talkbacks | Customize View    Top of Page   Enter your comments below: * Your Name: * Your Email Address: * Subject: CC: [will also send this talkback to an E-Mail address] * Comments: Tags allowed:<I>,<B> and <U>. See our talkback-policy for more about talkback content. Fields marked with * are required!

All times are recorded in UTC. Linux is a trademark of Linus Torvalds. Powered by Linux, Apache and PHP Search: WebMediaBrands Corporate Info Legal Notices, Licensing, Reprints, Permissions, Privacy Policy. Advertise | Newsletters | Shopping | E-mail Offers | Freelance Jobs Solutions Whitepapers and eBooks Adobe Article: Adobe Helps PHP Developers Create Rich Internet Applications Adobe Article: Java Developers Finding a Home at Adobe Flex IBM Articles: A Smarter Business Needs Smarter Technology Intel Xeon Processor Increases Server Efficiency and Capabilities Intel Tech Brief: Automated Energy Efficiency for the Intelligent Enterprise Oracle Whitepaper: Using Oracle In-Memory Database Cache to Accelerate the Oracle Database Oracle Whitepapers - Innovation for IT Leaders Avaya Article: Communication-Enabled Mashups--Empowering Both Business Owners and IT Internet.com eBook: IT Manager's Guide to Social Networking Internet.com eBook: Get Ready for Windows 7 Microsoft Article: Expression Web 3--New Features for PHP Developers Whitepapers: Manage Your Business Infrastracture with IBM Whitepaper: Maximize Your Storage Investment with HP Internet.com eBook: Becoming a Better Project Manager Microsoft Article: Stress Free and Efficient Designer/Developer Collaboration MORE WHITEPAPERS, EBOOKS, AND ARTICLES Webcasts Webcast: Connecting PHP to Microsoft Technologies Video: Microsoft Partner Program Benefits Video: Windows Azure Debugging Tips SAP BusinessObjects Webcast: Unlock the Power of Reporting with Crystal Reports IBM Webcast: Speed Business Innovation with Reduced Cost and Risk Video: Deploy Applications on Windows Azure MORE WEBCASTS, PODCASTS, AND VIDEOS Downloads and eKits Downloads & Free Trials: Microsoft's New Efficiency Resource Center Get the Windows 7 SDK Free Trial: Red Gate SQL Backup Pro 6 Iron Speed Designer Application Generator MORE DOWNLOADS, EKITS, AND FREE TRIALS Tutorials and Demos Virtual Lab: Migrating PHP Applications Enabling Web Slices and Accelerators with a PHP Site Internet.com Hot List: Get the Inside Scoop on the Hottest IT and Developer Products All About Botnets MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES