lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <44EC5463.7000407@trifinite.org>
Date: Wed, 23 Aug 2006 09:13:07 -0400
From: K F <kevin@...finite.org>
To: Propaganda Support <support@...pagandaprod.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: NETRAGARD-20060624 SECURITY ADVISORY] [ROXIO
	TOAST	7 TITANIUM - LOCAL ROOT COMPROMISE ]

Propaganda Support wrote:
>
> Then you aren't an admin user. You're using someone else's admin 
> account. This is not simply arguing over semantics. These concepts are 
> well defined on Unix-based systems.
I must have missed that man page. I can't find the one that says if you 
don't have the password for user X then  you are not user X.
>
> If your argument is based primarily on allowing others to have access 
> to an admin account which is not theirs (i.e., for which they do not 
> have the password), then you really don't have much of an argument. In 
> general, this is a VERY BAD IDEA, and is completely unnecessary on a 
> multi-user system like OS X.
>
I assume you never considered that folks do gain access to peoples 
accounts from time to time... so just for the sake of argument.... say I 
take advantage of the latest lets say Bluetooth bug in OSX that allows 
me to obtain the privileges of the logged in user. I have caught you 
with your Bluetooth chip enabled and have managed to get a remote shell 
on your computer while you are logged in as an admin level user. I am 
now an admin level user regardless of having your password or not... 
(sure I can rm your home dir but I can't add a user or do anything else 
root level) By your understanding of an admin user it seems as if you 
have absolutely NO problem with me as an attacker simply making my self 
root at this point. You seem to hold no differentiation between someone 
that has gid=admin and root regardless of if they have a password or not.

I am guessing that you also do not see an issue in the behavior of not 
re locking control panel (like OSX does by default) item as well?

-KF

> Kind Regards,
> -jeff
>
> --Jeff Holland
> http://propagandaprod.com
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ