|
| From: | Riccardo Mottola |
| Subject: | Re: Secure privilege escalation |
| Date: | Mon, 3 Feb 2025 12:06:00 +0100 |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 SeaMonkey/2.53.19 |
Hi, Ethan C wrote:
I would recommend that if you don't use polkit and you don't use a setuid binary, that you use sudo. sudo accepts the `-A` flag or the `SUDO_ASKPASS` environment variable to specify a graphical program to tell sudo the password; examples of programs that do this are `ssh-askpass` <https://packages.debian.org/unstable/ssh-askpass>, `gnome-ssh-askpass` <https://packages.debian.org/sid/ssh-askpass-gnome>, `ksshaskpass` <https://invent.kde.org/plasma/ksshaskpass>, and `lxqt-openssh-askpass` <https://github.com/lxqt/lxqt-openssh-askpass>. If you don't want to write an askpass binary using GNUstep-GUI, I'd recommend that you depend on `gnome-ssh-askpass` since almost all graphical users will have Gtk installed and have a desktop environment which properly handles Gtk applications (the desktop environments normally do /not/ set `SUDO_ASKPASS` or `SSH_ASKPASS`; you'll need to set it yourself when you call `sudo`).
aha, thanks for the info: I must look into that. Providing an GSAskPass then is what I need in GAP!
I will start playing ysing another ask pass and then switch over perhaps. Riccardo
| [Prev in Thread] | Current Thread | [Next in Thread] |