Message-ID: <44EC5463.7000407@trifinite.org>
Date: Wed, 23 Aug 2006 09:13:07 -0400
From: K F <kevin@...finite.org>
To: Propaganda Support <support@...pagandaprod.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: NETRAGARD-20060624 SECURITY ADVISORY] [ROXIO TOAST 7 TITANIUM - LOCAL ROOT COMPROMISE ]
Propaganda Support wrote:
>
> Then you aren't an admin user. You're using someone else's admin
> account. This is not simply arguing over semantics. These concepts are
> well defined on Unix-based systems.
I must have missed that man page. I can't find the one that says if you
don't have the password for user X then you are not user X.
>
> If your argument is based primarily on allowing others to have access
> to an admin account which is not theirs (i.e., for which they do not
> have the password), then you really don't have much of an argument. In
> general, this is a VERY BAD IDEA, and is completely unnecessary on a
> multi-user system like OS X.
>
I assume you never considered that folks do gain access to people's
accounts from time to time... so just for the sake of argument.... say I
take advantage of the latest, let's say, Bluetooth bug in OSX that allows
me to obtain the privileges of the logged in user. I have caught you
with your Bluetooth chip enabled and have managed to get a remote shell
on your computer while you are logged in as an admin level user. I am
now an admin level user regardless of having your password or not...
(sure I can rm your home dir but I can't add a user or do anything else
root level). By your understanding of an admin user it seems as if you
have absolutely NO problem with me as an attacker simply making myself
root at this point. You seem to hold no differentiation between someone
that has gid=admin and root regardless of if they have a password or not.
I am guessing that you also do not see an issue in the behavior of not
re-locking control panel (like OSX does by default) item as well?
-KF
> Kind Regards,
> -jeff
>
> --Jeff Holland
> http://propagandaprod.com
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>