BugTraq
Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Jul 31 2003 08:06PM
Barry Fitzgerald (bkfsec sdf lonestar org)
MightyE wrote:

> If anything I'd call this a security consideration of Escape Pod.
> Perhaps Escape Pod should try to talk to the process it's about to
> kill, and get its 'permission' for killing, and failing a timely
> response (2 secs?), drop the program. ScreenSaverEngine would have to
> be tailored to respond to such a request.
>
> On Linux, doesn't xscreensaver run as root? Wouldn't this be another
> option here (I'm admittedly unfamiliar with Mac OS X), preventing
> Escape Pod from even being capable of terminating the screensaver
> process? Or does Escape Pod also run as root?
>
> If you ask me, Escape Pod owes it to their users to develop the
> product in such a way so to not nullify reasonable security measures
> on the part of the OS, even if that's an option to never terminate
> processes named ScreenSaverEngine.
>
> -MightyE
>

You read my mind on this one. However, one of the complaints I've heard
about having xscreensaver as a SUID root binary is that an exploitable
vulnerability (buffer overflow, et al) in the xscreensaver binary could
allow an attacker even greater elevated privileges (much worse than
simply killing ScreenSaverEngine)... a solution to this would be running
the ScreenSaverEngine SUID some other user (like, oh, maybe
"screensaver")... and that should stop a usermode program from killing
the screensaver. Unless, as you mentioned, that usermode program were
running as SUID root - in which case I'd have to ask: Why in the name of
$DEITY are you running a program that can kill any process on the screen
as root?!?

-Barry

p.s. I don't have a Mac OS X system on hand nor do I have access to
one. I have no way to test the plausibility of this solution on that
particular system. :)
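
Added example, not part of the original post or thread: the POSIX.1 signal-permission rule that decides whether a user-mode program can kill a screensaver running under a dedicated account, with a live probe using signal 0. The UIDs 501 and 600 and the function names are assumptions made for illustration, "privileged" is simplified to effective UID 0, and a given OS may deviate from the POSIX rule.

```c
/* Added example: POSIX kill(2) permission rule; all UIDs are constructed. */
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* POSIX.1 rule: an unprivileged sender may signal a target only if the
 * sender's real or effective UID equals the target's real or saved set-UID.
 * "Privileged" is simplified here to effective UID 0 (an assumption). */
int may_signal(uid_t s_ruid, uid_t s_euid, uid_t t_ruid, uid_t t_suid)
{
    if (s_euid == 0)
        return 1;
    return s_ruid == t_ruid || s_ruid == t_suid ||
           s_euid == t_ruid || s_euid == t_suid;
}

/* Live probe: signal 0 runs the permission check without delivering
 * anything. Returns 1 = allowed, 0 = denied (EPERM), -1 = other error
 * such as no such process. */
int can_signal_pid(pid_t pid)
{
    if (kill(pid, 0) == 0)
        return 1;
    return errno == EPERM ? 0 : -1;
}

int main(void)
{
    const uid_t user = 501, saver = 600; /* constructed UIDs */

    /* Set-UID bit alone: the real UID is still the user who launched it. */
    printf("setuid bit only:        user may signal = %d\n",
           may_signal(user, user, user, saver));
    /* Saver has also set its real UID to the dedicated account. */
    printf("real+saved UID changed: user may signal = %d\n",
           may_signal(user, user, saver, saver));
    /* A sender with effective UID 0 passes the check regardless. */
    printf("sender running as root: may signal      = %d\n",
           may_signal(user, 0, saver, saver));
    printf("probe of own pid: %d\n", can_signal_pid(getpid()));
    return 0;
}
```

Under this rule the set-UID bit by itself leaves the target's real UID equal to the launching user's, so the check only fails for that user once the process also runs with the dedicated account as its real and saved UID.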
