
Thread: keylogger to interferret SUDO

  1. #11
    Join Date
    Nov 2008
    Location
    Lleida, Spain
    Beans
    1,157
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: keylogger to interferret SUDO

    When you type sudo, you're invoking a setuid file. This means that sudo runs under root user and you don't have access to root user page memory unless you're root.

    Only a keylogger executed under root can read the keyboard when executing sudo.

  2. #12
    Join Date
    Jun 2012
    Beans
    301

    Re: keylogger to interferret SUDO

    STORAGE KEY

    I keep referring to this,-- it's 360/370 lingo: the supervisor ran in protect key 0 and protect keys 1 through 15 were for user partitions/regions running applications. yep, just 16 keys were all we had ( but nobody had enough memory to run that many regions )

    If I've done my homework properly the Intel x86 processors create a set of tables for memory protection -- essentially keeping track of what belongs to who -- and what privileges are allowed -- in a set of tables maintained by the kernel.

    Virtual memory being an additional separate scheme...

    Hopefully Linux has fully implemented the memory protection model -- which it is my understanding Windows does not

    reference: The Rootkit Arsenal Bill Blunden ISBN 13:978-1-59822-061-2

    see also http://www.theregister.co.uk/2004/10...dows_vs_linux/

    ( the above is a bit dated but nonetheless insightful )

  3. #13
    Join Date
    Mar 2009
    Beans
    1,323

    Re: keylogger to interferret SUDO

    Quote Originally Posted by mike acker
    ...
    I don't see that happening -- unless -- a key logger gets installed -- either intentionally by the system operator -- or by an attack
    That's just the deal. If you get in the habit of just clicking "yes" and you are either root (something Ubuntu goes out of the way to disable) or you have SUDO access (the first user, for example, or anyone you give admin rights to) then you ARE vulnerable.

    BTW I'm a programmer but not a UNIX programmer. The event model I used is approximately correct, but I can't vouch for it.

    but i don't see that happening in Linux,-- those privileged modules that are a problem in Windows should be running in "userland" as trusted programs in Linux -- which should help to reduce the paths available to an attacker. Ideally the ONLY way to install a program is via the Official Installer -- which requires the Administrator password,-- and hopefully a digital signature authenticating the distribution-- whether o/s update, or app.
    Again, if you installed the system then it doesn't matter what your username is. If you can type your password to install updates, then you can also (possibly inadvertently) install malware which can affect your entire system.

    If you're NOT that user, you can install software in your own user space which you can compile and run, and it will have access to anything YOU have access to. So you can thoroughly trash your own files.

    It looks to me that for most of us if we just follow Linux recommendations our systems are not likely to get hacked.
    +10,000,000,000

    The thing is, learn to look at advisories and read a few security howto's.
    Help stamp out MBR partition tables. Use GPT instead!

  4. #14
    Join Date
    Mar 2011
    Beans
    669

    Re: keylogger to interferret SUDO

    Quote Originally Posted by albandy
    When you type sudo, you're invoking a setuid file. This means that sudo runs under root user and you don't have access to root user page memory unless you're root.

    Only a keylogger executed under root can read the keyboard when executing sudo.
    This is the case for any separate UID. X bypasses this.
