lists.openwall.net
Open Source and information security mailing list archives
From: dotslash at snosoft.com (KF)
Subject: Re: HTML Help API - Privilege Escalation

Sebastian Niehaus wrote:

>KF <dotslash@...soft.com> writes:
>
>[...]
>
>  
>
>>I would relate this
>>type of attack to a setuid program calling system("clear") while
>>running as root on a unix machine. This does not mean that system() is
>>flawed rather that when implementing this call you need to be more
>>careful and drop your privs. 
>>    
>>
>
>Well, if you have a program to be run in suid mode, every Unix admin
>should be alerted. They are used to review the source code of this
>kind of stuff.
>  
>
By the same token on a win32 machine when I hit ctrl alt del ... 
anything that says SYSTEM on it I usually take a quick peek at. There 
are plenty of win32 programs that run in a privileged mode. Rewording 
what you said .. every Winblows admin should be alert for SYSTEM level 
applications (be it a service or a desktop application).

>You won't be able to do this with your average windows junk...
>  
>
Well there are not setuid applications in win32 but as I mentioned above 
there are apps that run with elevated priv levels. Heck look at shatter 
type attacks... In the win32 world that's about as close to a local 
attack (on unix) against a setuid binary.

-KF
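
The setuid analogy in the message above, as an added example (not code from the post or from either poster): instead of calling system("clear") while privileged, the helper is run by absolute path with a fixed environment after privileges are permanently dropped. The function names, the /usr/bin/clear path and the environment values are assumptions for illustration.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently give up setuid/setgid privilege and verify it is gone.
 * Returns 0 on success, -1 on failure. (Function name is illustrative.) */
int drop_privs(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    /* Group first: once the uid is dropped we can no longer change the gid. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    /* Verify the drop took effect, and that root cannot be regained. */
    if (geteuid() != ruid || getegid() != rgid || (ruid != 0 && setuid(0) == 0))
        return -1;
    return 0;
}

/* Replacement for system("clear") in a privileged program: no shell, no PATH
 * search, no inherited environment. Returns the helper's exit status,
 * 126 if privileges could not be dropped, 127 if exec failed, -1 on error. */
int run_helper(const char *abs_path, char *const argv[])
{
    /* Constructed minimal environment; the values are assumptions. */
    static char *const clean_env[] = { "PATH=/usr/bin:/bin", "TERM=vt100", NULL };
    int status;
    pid_t pid;
    if (abs_path == NULL || abs_path[0] != '/')
        return -1;                      /* refuse anything needing PATH lookup */
    if ((pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        if (drop_privs() != 0)
            _exit(126);                 /* never exec while still privileged */
        execve(abs_path, argv, clean_env);
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    char *const argv[] = { "clear", NULL };  /* path below is an assumed install location */
    printf("helper exit status: %d\n", run_helper("/usr/bin/clear", argv));
    return 0;
}
```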