Linux graphical password dialog trick security

guilinuxpasswordSecuritysudo

When we run a command by sudo, the password is asked

[sudo] password for user

If the sudo is not typed the password should not be asked. If asked, I would assume it as a fraud by the application.

How about graphical applications which ask us password through a GUI? If asked for password, how can we differentiate between Linux original password dialogue or a dialogue generated by the application to look like Linux one?

Authentication dialog

Best Answer

When I worry about this, I run sudo -k; sudo date && sudo -n wooden-horse-command. Then I'll be prompted for the password exactly once (by sudo date), and the sudo ticket should be fresh for the following command.

Not that this gains much in terms of security, you understand. A malicious program that installs a keylogger will be more effective at grabbing your password, even if it isn't run as root.

Related Solutions

Bash – Graphically ask for password in a bash script and retain default sudo timeout setting

I add this to my bash script:

# ask for password up-front.
sudo -v
# Keep-alive: update existing sudo time stamp if set, otherwise do nothing.
while true; do sudo -n true; sleep 60; kill -0 "$$" || exit; done 2>/dev/null &

Found it here:

https://serverfault.com/questions/266039/temporarlly-increasing-sudos-timeout-for-the-duration-of-an-install-script

https://gist.github.com/cowboy/3118588

I use another script to launch my main script and I use a .desktop file to launch that helper script. It's not very straightforward, but it can be made to work 100% GUI. I'm still looking for the perfect solution, but this is doing the trick for now.

Linux – Changing user password through GUI app

I think the right answer here is: don't shell to a command-line tool — use a library call. This will let you handle errors better, and avoids risk-prone passing of the password on a command line.

One library you can use is libuser, which is relatively simple and has C and Python bindings.

Best Answer

Related Solutions

Bash – Graphically ask for password in a bash script and retain default sudo timeout setting

Linux – Changing user password through GUI app

Related Question