On Mon, 24 Feb 2020 13:46:46 +0100
Didier Kryn wrote:
> On 24/02/2020 at 10:44, aitor wrote:
> > Hi Didier,
> >
> > On 24 February 2020 10:01:33 Didier Kryn
> > wrote:
> >
> >> On 24/02/2020 at 01:16, Aitor wrote:
> >>>
> >>> Hi Tito,
> >>>
> >>> On 23/2/20 17:02, Tito via Dng
On 24/02/2020 at 10:44, aitor wrote:
Hi Didier,
On 24 February 2020 10:01:33 Didier Kryn wrote:
On 24/02/2020 at 01:16, Aitor wrote:
Hi Tito,
On 23/2/20 17:02, Tito via Dng wrote:
Why use 2 binaries rather than one, more programs, more code, more
communication in between them
Hi Didier,
On 24 February 2020 10:01:33 Didier Kryn wrote:
On 24/02/2020 at 01:16, Aitor wrote:
Hi Tito,
On 23/2/20 17:02, Tito via Dng wrote:
Why use 2 binaries rather than one, more programs, more code, more
communication in between them equals to more attack surface.
I would
On 24/02/2020 at 01:16, Aitor wrote:
Hi Tito,
On 23/2/20 17:02, Tito via Dng wrote:
Why use 2 binaries rather than one, more programs, more code, more
communication in between them equals to more attack surface.
I would stay with just one suid binary, more so if you want to go the
su-only
On 23/02/2020 at 16:26, Aitor wrote:
On 23/2/20 16:22, Aitor wrote:
- To have a look at the code of ssh-askpass, suggested by Didier
Krin, whose dialog frame is useful only for X11 and not for wayland.
Kryn :)
ssh-askpass is just an example. There is certainly something usable
in
On 2020-02-23 22:10, marc wrote:
> If I understand you correctly, you propose a simple gtk
> program that is setuid (so that it can read /etc/shadow, and
> grant root privileges). The problem is that there is no such
> thing as a simple gtk program. This is not a comment limited to
> gtk programs
Hi,
On 23/2/20 23:10, marc wrote:
You should never send an unencrypted password over a shell or pipe.
So in the case of the former (using the shell, via echo or an
environment variable) you are correct. Those show up in process
listings...
I am not so sure about the second part, the bit about
Hi Tito,
On 23/2/20 17:02, Tito via Dng wrote:
Why use 2 binaries rather than one, more programs, more code, more
communication in between them equals to more attack surface.
I would stay with just one suid binary, more so if you want to go the
su-only route.
I'll answer to this question in
On 2/23/20 11:10 PM, marc wrote:
You should never send an unencrypted password over a shell or pipe.
So in the case of the former (using the shell, via echo or an
environment variable) you are correct. Those show up in process
listings...
I am not so sure about the second part, the bit about
> >>You should never send an unencrypted password over a shell or pipe.
So in the case of the former (using the shell, via echo or an
environment variable) you are correct. Those show up in process
listings...
I am not so sure about the second part, the bit about not passing
confidential
Hi again Tito,
On 23/2/20 17:02, Tito via Dng wrote:
On 2/23/20 4:22 PM, Aitor wrote:
Hi Tito,
On 23/2/20 14:15, Tito via Dng wrote:
On 2/23/20 1:54 PM, Aitor wrote:
Hi,
On 23/2/20 13:17, Aitor wrote:
The binary won't be suid, but rather it'll receive the root
password through the
On 2/23/20 4:22 PM, Aitor wrote:
Hi Tito,
On 23/2/20 14:15, Tito via Dng wrote:
On 2/23/20 1:54 PM, Aitor wrote:
Hi,
On 23/2/20 13:17, Aitor wrote:
The binary won't be suid, but rather it'll receive the root password through
the mentioned unix socket using internally (sudo | su)
On 23/2/20 16:22, Aitor wrote:
- To have a look at the code of ssh-askpass, suggested by Didier Krin,
whose dialog frame is useful only for X11 and not for wayland.
Kryn :)
___
Dng mailing list
Dng@lists.dyne.org
Hi Tito,
On 23/2/20 14:15, Tito via Dng wrote:
On 2/23/20 1:54 PM, Aitor wrote:
Hi,
On 23/2/20 13:17, Aitor wrote:
The binary won't be suid, but rather it'll receive the root password
through the mentioned unix socket using internally (sudo | su)
afterwards.
As simple as that:
system(
On 2/23/20 1:54 PM, Aitor wrote:
Hi,
On 23/2/20 13:17, Aitor wrote:
The binary won't be suid, but rather it'll receive the root password through
the mentioned unix socket using internally (sudo | su) afterwards.
As simple as that:
system( "echo | sudo -S ");
I tested my first draft and
Hi,
On 23/2/20 13:17, Aitor wrote:
The binary won't be suid, but rather it'll receive the root password
through the mentioned unix socket using internally (sudo | su) afterwards.
As simple as that:
system( "echo | sudo -S ");
I tested my first draft and it works. Do it simple, isn't it?
Hi Tito,
On 23/2/20 13:19, Tito via Dng wrote:
Hi,
please don't restrict it, make it a universally usable tool.
Ok :)
Why using a socket maybe KISS?
For inspiration you can take a look at:
https://git.busybox.net/busybox/tree/loginutils/su.c
this is tested and widely used code.
Thanks
Hi,
On 23/2/20 13:23, Aitor wrote:
Hi Tom,
On 23/2/20 13:21, tom wrote:
What happens when a password isn't needed, such as when a sudo policy is
set?
Are you referring to the sudo | su duality?
Aitor.
If so, the application might check the sudo permissions of the current
user, reading the
Hi Tom,
On 23/2/20 13:21, tom wrote:
What happens when a password isn't needed, such as when a sudo policy is
set?
Are you referring to the sudo | su duality?
Aitor.
On Sun, 23 Feb 2020 13:17:21 +0100
Aitor wrote:
> Hi,
>
> On 23/2/20 12:34, Aitor wrote:
> >
> > Hi Steve,
> >
> > On 21/2/20 21:57, Steve Litt wrote:
> >> Will it work even if I'm not using lxqt? Does it stand alone?
> >>
> >> SteveT
> > I've just started developing a replacement for gksu
On 2/23/20 12:34 PM, Aitor wrote:
Hi Steve,
On 21/2/20 21:57, Steve Litt wrote:
Will it work even if I'm not using lxqt? Does it stand alone?
SteveT
I've just started developing a replacement for gksu in gtk2 following the same
method used in simple-netaid,
that is: a suid binary
Hi,
On 23/2/20 12:34, Aitor wrote:
Hi Steve,
On 21/2/20 21:57, Steve Litt wrote:
Will it work even if I'm not using lxqt? Does it stand alone?
SteveT
I've just started developing a replacement for gksu in gtk2 following
the same method used in simple-netaid,
that is: a suid binary
Hi Steve,
On 21/2/20 21:57, Steve Litt wrote:
Will it work even if I'm not using lxqt? Does it stand alone?
SteveT
I've just started developing a replacement for gksu in gtk2 following
the same method used in simple-netaid,
that is: a suid binary receiving the password through a unix
On 2/21/20 10:56 PM, Florian Zieboll wrote:
On Fri, 21 Feb 2020 15:57:42 -0500
Steve Litt wrote:
On Wed, 19 Feb 2020 01:23:47 -0800
tom wrote:
Just found a drop-in replacement for gksudo. It's called lxqt-sudo.
https://github.com/lxqt/lxqt-sudo
It works pretty well.
Will it work even
On Wed, 19 Feb 2020 15:17:06 +0100
Tito via Dng wrote:
>
>
> On 2/19/20 10:23 AM, tom wrote:
> > On Wed, 19 Feb 2020 00:35:26 -0800
> > tom wrote:
> >
> >> Deprecated gksudo? Well that's pretty dumb. Any particular reason
> >> Devuan doesn't just fish around for the old gksudo git repo and
>
On Fri, 21 Feb 2020 15:57:42 -0500
Steve Litt wrote:
> On Wed, 19 Feb 2020 01:23:47 -0800
> tom wrote:
>
> >
> > Just found a drop-in replacement for gksudo. It's called lxqt-sudo.
> > https://github.com/lxqt/lxqt-sudo
> > It works pretty well.
>
> Will it work even if I'm not using lxqt?
On Wed, 19 Feb 2020 01:23:47 -0800
tom wrote:
> On Wed, 19 Feb 2020 00:35:26 -0800
> tom wrote:
>
> > Deprecated gksudo? Well that's pretty dumb. Any particular reason
> > Devuan doesn't just fish around for the old gksudo git repo and
> > continue that instead of dealing with this policykit
On 2/19/20 10:23 AM, tom wrote:
On Wed, 19 Feb 2020 00:35:26 -0800
tom wrote:
Deprecated gksudo? Well that's pretty dumb. Any particular reason
Devuan doesn't just fish around for the old gksudo git repo and
continue that instead of dealing with this policykit mess of
complexity? You can
On Wed, 19 Feb 2020 00:35:26 -0800
tom wrote:
> Deprecated gksudo? Well that's pretty dumb. Any particular reason
> Devuan doesn't just fish around for the old gksudo git repo and
> continue that instead of dealing with this policykit mess of
> complexity? You can allow users in your a group for
29 matches