severity 474024 important
tag 474024 + security
thanks

On Wednesday, 02 April 2008 at 22:53 +0300, Timo Lindfors wrote:
> man gksu mentions that gksu can "lock" keyboard, mouse and focus
> before it asks for a password. This can easily give the misconception
> that other programs running with the privileges of the user could not
> capture the password.
> This claim is untrue since a malicious application running with the
> privileges of the user can run
>
> strace -p `pidof gksu` -s 4096 -o strace.out
>
> and later recover the password (here "test1234") from strace.out:

Indeed, gksu should be made setgid something to protect against such
attacks.

Cheers,
-- 
 .''`.
: :' :      We are debian.org. Lower your prices, surrender your code.
`. `'       We will add your hardware and software distinctiveness to
  `-        our own. Resistance is futile.
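
Why the setgid suggestion helps, as an added example (not from the bug report or from gksu's code): when exec of a set-user-ID or set-group-ID program changes the effective IDs, the kernel resets the process's dumpable flag to /proc/sys/fs/suid_dumpable (0 by default), and a same-user tracer without CAP_SYS_PTRACE cannot attach to a non-dumpable process. The C program below reproduces that on a forked child using prctl(PR_SET_DUMPABLE); set_dumpable and attach_allowed are names chosen here, and the child only stands in for a password prompt.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

/* Set this process's dumpable flag; return the value the kernel then reports. */
int set_dumpable(int value) {
    if (prctl(PR_SET_DUMPABLE, value, 0, 0, 0) != 0) return -1;
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
}

/* Fork a child (hypothetical stand-in for the prompt), give it the requested
 * dumpable flag, then try to attach to it the way `strace -p` does.
 * Returns 1 if the attach succeeded, 0 if the kernel refused with EPERM,
 * -1 on any setup error. */
int attach_allowed(int child_dumpable) {
    int ready[2], result = -1;
    char c;
    if (pipe(ready) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                       /* child: set flag, report, wait */
        close(ready[0]);
        c = (set_dumpable(child_dumpable) == child_dumpable) ? 'k' : 'e';
        if (write(ready[1], &c, 1) != 1) _exit(1);
        for (;;) pause();
    }
    close(ready[1]);
    if (read(ready[0], &c, 1) == 1 && c == 'k') {
        if (ptrace(PTRACE_ATTACH, pid, NULL, NULL) == 0) {
            waitpid(pid, NULL, 0);        /* wait for the attach stop */
            ptrace(PTRACE_DETACH, pid, NULL, NULL);
            result = 1;
        } else if (errno == EPERM) {
            result = 0;
        }
    }
    close(ready[0]);
    kill(pid, SIGKILL);                   /* clean up the child */
    waitpid(pid, NULL, 0);
    return result;
}

int main(void) {
    printf("dumpable=1: attach_allowed=%d\n", attach_allowed(1));
    printf("dumpable=0: attach_allowed=%d\n", attach_allowed(0));
    return 0;
}
```

Run as an unprivileged user, the second call is refused; a tracer holding CAP_SYS_PTRACE (for example root) is still allowed to attach.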