
Re: Password problems



On Sun, Feb 17, 2008 at 10:24:13AM +0530, Raj Kiran Grandhi wrote:
> Douglas A. Tutty wrote:
> >On Sat, Feb 16, 2008 at 09:38:03PM -0500, Frank McCormick wrote:
> >>On Sat, 16 Feb 2008 20:54:33 -0500
> >>"Douglas A. Tutty" <dtutty@porchlight.ca> wrote:
> >>>On Sat, Feb 16, 2008 at 08:15:07PM -0500, Frank McCormick wrote:
> >>>>On Sat, 16 Feb 2008 17:32:56 -0600
> >>>>"Russell L. Harris" <rlharris@oplink.net> wrote:
> >>>>>* Frank McCormick <fmccormick@videotron.ca> [080216 17:21]:
 
> >If gtk apps are able to do things as root if you type in the old root
> >password but non-gtk apps will not work with the old root passwd but
> >will with the new root passwd, and if you can su (not sudo) to root
> >using the new root password but not the old root password, then gtk has
> >been storing the root password in some form.  I call that a breach plain
> >and simple.  It may be a design flaw that needs to be tracked down or it
> >could be that your particular box has been compromised.  Either way, I
> >would call the box compromised.  
> 
> I wonder if gtk is indeed able to gain root privilege. For that to 
> happen I think all the following should be met (please correct me if I 
> am wrong):
> 
> 1. gnome/gtk is running as root (I do not think that is the case)
	or there's a bug allowing privilege escalation.
> 2. gnome/gtk caches the password first time the user provides it, 
> probably after comparing the hash with /etc/shadow.
	Now you have a user-level program with the root password stored
	who-knows-where.  Not good.
> 3. Every time something needs to be done as root, the user is prompted 
> for a password and the supplied password is compared to the cached one 
> before granting root privilege.
	It should be using pam or su or sudo; established mechanisms.
> 
> I don't think something like this has been going on.
> 
> Unless gnome/gtk is running as root and does the job of hashing the 
> password provided and comparing it with /etc/shadow, how can it *gain* 
> root privilege once the password is changed? By supplying the old 
> password, gnome/gtk may think the user has the required rights, but 
> unless the underlying authentication mechanism (pam?) also does this 
> sort of caching, the authentication should fail.
> 

And from the descriptions, it hasn't been failing.  That's my concern.
Type in the old root password and do something that only root should be
able to do.

> >
> >I would find a temporary test box (any old box will do).  Install a gtk
> >system and test this out.  Use a gtk app that asks for the root
> >password, then change the root passwd with passwd (and not a gtk app)
> >and then see what the gtk app will accept.  If it will only accept the
> >old passwd then it's a GTK design flaw.  If it will only accept the new
> >root passwd then your box has been compromised.
> 
> Just did that. I ran gdmsetup from the "System" menu on the gnome-panel. 
> Provided root password and asked it to "Save it for this session".
> Closed gdmsetup and launched it again. No password asked.
> Closed gdmsetup, changed root password from a terminal and relaunched 
> the gdmsetup. No prompt for password, but got an error saying that the 
> wrong password has been supplied.
> 

This is as it should be.

If this is not how it is happening on the subject box, then consider the
box compromised.

Doug.
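
The behaviour tested above, modelled as an added example that is not part of the original message: a front end that replays its session-cached password to the system authenticator fails once the root password changes, while one that trusts its own cached copy keeps granting access. All class and function names are hypothetical, and PBKDF2 stands in for the crypt(3) hash in /etc/shadow.

```python
import hashlib
import hmac
import os

class SystemAuth:
    """Stand-in for /etc/shadow plus the authenticator behind su or PAM."""
    def __init__(self, password):
        self.set_password(password)

    def set_password(self, password):
        # Equivalent of running passwd in a terminal: fresh salt, new hash.
        self.salt = os.urandom(16)
        self.digest = self._hash(password)

    def _hash(self, password):
        # PBKDF2 is an assumption here, standing in for the crypt(3) hash.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def authenticate(self, password):
        return hmac.compare_digest(self._hash(password), self.digest)

class Frontend:
    """Graphical prompt that can save the password for the session."""
    def __init__(self, system, trust_own_cache):
        self.system = system
        self.trust_own_cache = trust_own_cache  # True = the flawed design
        self.cached = None

    def run_as_root(self, typed=None):
        password = typed if typed is not None else self.cached
        if password is None:
            return "prompt"
        if self.trust_own_cache and password == self.cached:
            return "granted"  # never asks the system: stale password works
        if self.system.authenticate(password):
            self.cached = password
            return "granted"
        return "wrong password"

def scenario(trust_own_cache):
    system = SystemAuth("old-root-pw")  # constructed sample passwords
    ui = Frontend(system, trust_own_cache)
    # First launch with the password typed, then a relaunch using the cache.
    results = [ui.run_as_root("old-root-pw"), ui.run_as_root()]
    system.set_password("new-root-pw")  # root password changed elsewhere
    results.append(ui.run_as_root())  # relaunch: cached old password
    results.append(ui.run_as_root("new-root-pw"))
    return results
```

`scenario(False)` reproduces the sequence reported for gdmsetup in the thread; `scenario(True)` is the case where the old password is still accepted after the change.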

