| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 25 Jan 2007 11:34:31 -0700 From: "Marvin Simkin" <Marvin.Simkin@....edu> To: "K F (lists)" <kf_lists@...italmunition.com>, <bugtraq@...urityfocus.com> Subject: RE: Remove all admin->root authorization prompts from OSX I respectfully disagree with this proposal and maybe we should discuss it. Being a member of the admin group is NOT 100% equal to being root. Therefore when you switch from admin group to uid=0 you are escalating privileges. A trojan that gets control of an admin's session should not be able to escalate itself to root without a password prompt, which requires a human to decide (rightly or wrongly...) yes I do want to increase the authority of this process. Sure, an admin should be smart enough not to get trojaned, but what if they do anyway? Maybe a cracker could write a trojan that esclates itself using the powers of the admin group, but why make it easier for those who don't know how? The myth that it should be easy for uneducated users to expose their computers to harm is one reason why certain other GUI platforms have so many security problems. host:/tmp1 sysmsimkin$ id uid=505(sysmsimkin) gid=505(sysmsimkin) groups=505(sysmsimkin), 81(appserveradm), 79(appserverusr), 80(admin) host:/tmp1 sysmsimkin$ ls -ld /tmp1 drwxr-xr-x 3 501 admin 102 Jun 28 2006 /tmp1 host:/tmp1 sysmsimkin$ mkdir /tmp1/tmp2 mkdir: /tmp1/tmp2: Permission denied host:/tmp1 sysmsimkin$ /usr/bin/sudo /bin/bash Password: host:/tmp1 root# mkdir /tmp1/tmp2 host:/tmp1 root# ls -ld /tmp1/tmp2 drwxr-xr-x 2 root admin 68 Jan 25 11:20 /tmp1/tmp2 host:/tmp1 root# exit host:/tmp1 sysmsimkin$ rmdir /tmp1/tmp2 rmdir: /tmp1/tmp2: Permission denied host:/tmp1 sysmsimkin$ /usr/bin/sudo /bin/bash host:/tmp1 root# rmdir /tmp1/tmp2 host:/tmp1 root# exit host:/tmp1 sysmsimkin$ More interesting (to me) why wasn't I prompted for a password the second time? (Yes I know it was designed that way, I'm asking was that the right decision.) Presumably there is a window of vulnerability for a few minutes AFTER you have been root during which you could fall victim to a trojan. ------------------------------------- Marvin Simkin Planetary Geology Group School of Earth and Space Exploration Arizona State University http://simkin.asu.edu/ -----Original Message----- From: K F (lists) [mailto:kf_lists@...italmunition.com] Sent: Wed 2007-01-24 18:20 To: bugtraq@...urityfocus.com Subject: Remove all admin->root authorization prompts from OSX http://www.petitiononline.com/31337OSX/petition.html -KF
Powered by blists - more mailing lists