On Thu, 2008-11-06 at 12:04 -0500, Daniel J Walsh wrote: > Lets take a look at system-config-services. This service comes up and > prompts me for the root password before I start and stop a service. That > is good, works just like it did when system-config-services used > consolehelper. Incidentally, a related problem with this is that as a user I have no way of knowing which application generated that pop-up dialog asking for my root password. I may be wrong, but I don't believe there is any way whatsoever for the user to tell reliably that the pop-up dialog is legitimate. If there is a way to tell it is legitimate, it is not quite obvious enough. The only clue I can have that I should indeed input my password is timing. If I didn't do anything mandating a request for my root password in the previous second, I'm unlikely to trust the pop-up. But this is obviously a very weak security guarantee. As an example scenario, I believe any user application can be notified when the network connection goes up and down (through D-Bus?). Such a connection related event is probably a good time for a rogue application to display such a pop-up. (e.g. with the tendency of wireless connection to go down unexpectedly at random times). This is not a very smart scenario, I'm sure attackers would come up with much more convincing ones, but that one would work at least on some users some of the time. Any arbitrary code execution vulnerability in a user space application like Firefox has the potential of becoming a successful remote root exploit, just because the user got fooled. This weakness has been present for quite a while now, I would imagine people have thought about it before. But it may be worth thinking about it again, especially in light of the recent trend to ask for you root password in new and unexpected way at odd times. Regards, Eric. -- Fedora-security-list mailing list Fedora-security-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-security-list
