sudo security concerns ?
Colin Watson
cjwatson at canonical.com
Fri Nov 26 06:39:53 CST 2004
On Fri, Nov 26, 2004 at 05:55:17AM +0000, Paul Sladen wrote:
> On Thu, 25 Nov 2004, Karl Hegbloom wrote:
> > Can a program or script running under my own UID monitor keystrokes and
> > learn my sudo password?
>
> The question is the same when it comes to logging 'su' passwords. Under X,
> it is fairly easier to record keystrokes if a program is not securing the
> keyboard. That's an X issue and not related to sudo though.
I'm not even sure it's really an X issue. Consider a modified xterm (or
whatever) placed on the user's path.
--
Colin Watson [cjwatson at canonical.com]
More information about the ubuntu-devel
mailing list