| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 25 Jan 2007 17:39:37 +0000 From: John Smith <genericjohnsmith@...il.com> To: Marvin Simkin <Marvin.Simkin@....edu> Cc: "K F (lists)" <kf_lists@...italmunition.com>, <bugtraq@...urityfocus.com> Subject: Re: Remove all admin->root authorization prompts from OSX haha, and I believe kev already had something to say on the topic when a n00b had previously posted that as a vuln in Mac OS X: "Explain to me how this is a MacOS specific bug? I can duplicate this behavior on my debian linux machine." http://www.securityfocus.com/archive/1/395142/30/0/threaded John On Jan 25, 2007, at 6:34 PM, Marvin Simkin wrote: > I respectfully disagree with this proposal and maybe we should > discuss it. > > Being a member of the admin group is NOT 100% equal to being root. > Therefore when you switch from admin group to uid=0 you are > escalating privileges. A trojan that gets control of an admin's > session should not be able to escalate itself to root without a > password prompt, which requires a human to decide (rightly or > wrongly...) yes I do want to increase the authority of this process. > > Sure, an admin should be smart enough not to get trojaned, but what > if they do anyway? > > Maybe a cracker could write a trojan that esclates itself using the > powers of the admin group, but why make it easier for those who > don't know how? > > The myth that it should be easy for uneducated users to expose > their computers to harm is one reason why certain other GUI > platforms have so many security problems. > > > host:/tmp1 sysmsimkin$ id > uid=505(sysmsimkin) gid=505(sysmsimkin) groups=505(sysmsimkin), 81 > (appserveradm), 79(appserverusr), 80(admin) > host:/tmp1 sysmsimkin$ ls -ld /tmp1 > drwxr-xr-x 3 501 admin 102 Jun 28 2006 /tmp1 > host:/tmp1 sysmsimkin$ mkdir /tmp1/tmp2 > mkdir: /tmp1/tmp2: Permission denied > host:/tmp1 sysmsimkin$ /usr/bin/sudo /bin/bash > Password: > host:/tmp1 root# mkdir /tmp1/tmp2 > host:/tmp1 root# ls -ld /tmp1/tmp2 > drwxr-xr-x 2 root admin 68 Jan 25 11:20 /tmp1/tmp2 > host:/tmp1 root# exit > host:/tmp1 sysmsimkin$ rmdir /tmp1/tmp2 > rmdir: /tmp1/tmp2: Permission denied > host:/tmp1 sysmsimkin$ /usr/bin/sudo /bin/bash > host:/tmp1 root# rmdir /tmp1/tmp2 > host:/tmp1 root# exit > host:/tmp1 sysmsimkin$ > > More interesting (to me) why wasn't I prompted for a password the > second time? (Yes I know it was designed that way, I'm asking was > that the right decision.) Presumably there is a window of > vulnerability for a few minutes AFTER you have been root during > which you could fall victim to a trojan. > > ------------------------------------- > Marvin Simkin > Planetary Geology Group > School of Earth and Space Exploration > Arizona State University > http://simkin.asu.edu/ > > > > -----Original Message----- > From: K F (lists) [mailto:kf_lists@...italmunition.com] > Sent: Wed 2007-01-24 18:20 > To: bugtraq@...urityfocus.com > Subject: Remove all admin->root authorization prompts from OSX > > http://www.petitiononline.com/31337OSX/petition.html > > -KF > >
Powered by blists - more mailing lists