
Thread: A way for malware to gain root access?

  1. #21
    Join Date
    Apr 2009
    Location
    Mars
    Beans
    116
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: A way for malware to gain root access?

    Quote Originally Posted by monsterstack View Post
    You can do that, but you don't need the user's password once you gain root access. root never gets asked for its password in Ubuntu. It does on Debian, and I don't know about the other distros. Any distro that doesn't use sudo probably sets a root password, I imagine. In simple terms for others a bit lost by all this, when you open Synaptic, you're essentially running this code:

    Code:
    gksudo synaptic
    By replacing the launcher, you can change it to

    Code:
    gksudo malware_exploit && synaptic
    Your malware is launched as root. Now the malware can put itself in your boot-up script, allowing it to be launched as root whenever you switch your machine on. It essentially has permanent root access, without ever having to steal your password. Once it has root access, then sure, there are numerous ways it could grab your password. It could replace sudo and gksudo with keylogging versions, for instance. The point is, though, that once malware has root access, knowing your sudo password is irrelevant. It doesn't need it to do damage.
    This is a persuading reason to switch to Debian when I go 64-bit.

  2. #22
    Join Date
    Jul 2008
    Location
    Banville :(
    Beans
    119

    Re: A way for malware to gain root access?

    Quote Originally Posted by mynameinc View Post
    This is a persuading reason to switch to Debian when I go 64-bit.
    Maybe, but when you launch applications with root privileges on Debian, the dialogue will ask you for your root password and not your user password. That leads me to suspect this trick probably works on Debian too. My Debian partition has been in a state of bork for a few months so I can't test this exploit there.
    Blag | As an Ubuntu Forums discussion grows longer, the probability of someone mentioning Arch Linux approaches 1.

  3. #23
    Join Date
    Jun 2008
    Location
    Tennessee
    Beans
    3,421

    Re: A way for malware to gain root access?

    I don't know about gksudo, but when I use kdesudo, the dialog that comes up tells me in bold what it's about to run with root privileges. E.g., if I run "kdesudo xterm", the dialog says
    Code:
    xterm requires administrative privileges to run.  Please enter your password.
    
    command: xterm
    Obviously, this doesn't help if you don't read the dialog, but it's likely to catch your eye if the malware command is conspicuously named or given a full path (which it would need if it were in your home directory).

    I don't know if there's a foolproof way to make this secure without making the system extremely unfriendly, but it would be nice to have options for the more paranoid among us to turn off the menu overrides.

    Note that you CAN disable execute for a partition, which if enabled for your home directory would make it impossible to execute a malware binary from anywhere the user could write to. It wouldn't stop sending a script to an interpreter, though (so gksudo bash /home/unfortunateuser/malwarescript.sh && synaptic would work).

  4. #24
    Join Date
    May 2008
    Beans
    60

    Re: A way for malware to gain root access?

    But wouldn't it say "malware_exploit && synaptic" in the GUI popup to ask for your password? It would be pretty obvious. In Debian, using su, you are required to enter your password each time you do something requiring root privileges. Ubuntu iirc has sudo timeout, where for actions within a certain time limit after the first time you entered the password, you don't need to re-enter the password again. You only need to do so again after the timeframe has expired.

  5. #25
    Join Date
    Dec 2007
    Location
    /us/florida
    Beans
    357

    Re: A way for malware to gain root access?

    Quote Originally Posted by lykwydchykyn View Post
    I don't know about gksudo, but when I use kdesudo, the dialog that comes up tells me in bold what it's about to run with root privileges. E.g., if I run "kdesudo xterm", the dialog says
    Code:
    xterm requires administrative privileges to run.  Please enter your password.
    
    command: xterm
    Obviously, this doesn't help if you don't read the dialog, but it's likely to catch your eye if the malware command is conspicuously named or given a full path (which it would need if it were in your home directory).
    That's very good. I vote that gksu(do) should adopt that as well. That would fix the problem. Good game.

    Quote Originally Posted by mynameinc View Post
    This is a persuading reason to switch to Debian when I go 64-bit.
    No it isn't. It doesn't matter that root doesn't have a password in Ubuntu. Once you elevate privilege, whether through sudo or su, you can do anything you want. It doesn't matter. Any exploit in Ubuntu would be equally easy in Debian.

  6. #26
    Join Date
    Jun 2008
    Location
    Tennessee
    Beans
    3,421

    Re: A way for malware to gain root access?

    Quote Originally Posted by Pogeymanz View Post
    That's very good. I vote that gksu(do) should adopt that as well. That would fix the problem. Good game.
    If it doesn't already, it should. Anyone with a GNOME bugzilla account should file a wish/bug.
    No it isn't. It doesn't matter that root doesn't have a password in Ubuntu. Once you elevate privilege, whether through sudo or su, you can do anything you want. It doesn't matter. Any exploit in Ubuntu would be equally easy in Debian.
    Agreed. Debian would have gksu which could be used exactly the same way.

  7. #27
    Join Date
    May 2005
    Location
    US
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: A way for malware to gain root access?

    Can someone explain how this corrupt .desktop file got into the user's home directory in the first place?

  8. #28
    Join Date
    Jun 2008
    Location
    Tennessee
    Beans
    3,421

    Re: A way for malware to gain root access?

    Quote Originally Posted by aysiu View Post
    Can someone explain how this corrupt .desktop file got into the user's home directory in the first place?
    nekkid_pix.tar.gz

  9. #29
    Join Date
    Apr 2009
    Location
    Mars
    Beans
    116
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: A way for malware to gain root access?

    Quote Originally Posted by Pogeymanz View Post
    That's very good. I vote that gksu(do) should adopt that as well. That would fix the problem. Good game.



    No it isn't. It doesn't matter that root doesn't have a password in Ubuntu. Once you elevate privilege, whether through sudo or su, you can do anything you want. It doesn't matter. Any exploit in Ubuntu would be equally easy in Debian.
    Ah, now I see. Sorry, new to Linux (1 mo. or so). Is there any Debian-based distro not vulnerable?

  10. #30
    Join Date
    May 2005
    Location
    US
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: A way for malware to gain root access?

    Quote Originally Posted by lykwydchykyn View Post
    nekkid_pix.tar.gz
    Then the security flaw is in the user, not the OS.
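
Added example, not part of any post in this thread: a Python check that lists launchers in the per-user applications directory that call an elevation helper, chain commands, or override the Exec line of a system launcher with the same file name, which is the launcher replacement discussed above. The two directory paths are the usual XDG defaults, and the list of helper names and the function names are assumptions made for this example.

```python
import configparser
import shlex
from pathlib import Path

# Assumed list of elevation helpers; extend it for the desktop in use.
ELEVATORS = {"gksudo", "gksu", "kdesudo", "kdesu", "sudo", "pkexec", "su"}
SHELL_CHAIN = ("&&", "||", ";", "|", "`", "$(")

def read_exec(path):
    """Return the Exec= value from the [Desktop Entry] group, or None."""
    parser = configparser.RawConfigParser(
        delimiters=("=",), comment_prefixes=("#",), strict=False)
    parser.optionxform = str  # .desktop keys are case-sensitive
    try:
        parser.read(path, encoding="utf-8")
        return parser.get("Desktop Entry", "Exec")
    except (configparser.Error, UnicodeDecodeError):
        return None  # missing, unreadable or malformed launcher

def audit_launchers(user_dir, system_dir):
    """List user-level launchers that elevate, chain commands or shadow a system one."""
    findings = []
    for user_file in sorted(Path(user_dir).glob("*.desktop")):
        user_exec = read_exec(user_file)
        if user_exec is None:
            continue
        reasons = []
        try:
            words = shlex.split(user_exec)
        except ValueError:
            words, reasons = [], ["unparseable Exec line"]
        if any(Path(w).name in ELEVATORS for w in words):
            reasons.append("runs a privilege-elevation helper")
        if any(tok in user_exec for tok in SHELL_CHAIN):
            reasons.append("chains shell commands")
        system_exec = read_exec(Path(system_dir) / user_file.name)
        if system_exec is not None and system_exec != user_exec:
            reasons.append("overrides system Exec: " + system_exec)
        if reasons:
            findings.append((user_file.name, user_exec, reasons))
    return findings

if __name__ == "__main__":
    # Default XDG locations (assumed); adjust if XDG_DATA_HOME is set.
    user = Path.home() / ".local/share/applications"
    for name, exec_line, reasons in audit_launchers(user, "/usr/share/applications"):
        print(f"{name}: {exec_line}\n    " + "; ".join(reasons))
```

A finding is a prompt to read the launcher, not proof of compromise: menu editors legitimately write overrides into the same directory.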
