lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20070604110743.GN4363@elf.ucw.cz>
Date:	Mon, 4 Jun 2007 13:07:43 +0200
From:	Pavel Machek <pavel@....cz>
To:	david@...g.hm
Cc:	Valdis.Kletnieks@...edu,
	David Wagner <daw-usenet@...erner.cs.berkeley.edu>,
	linux-kernel@...r.kernel.org
Subject: Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook

On Fri 2007-06-01 11:00:50, david@...g.hm wrote:
> On Fri, 1 Jun 2007, Valdis.Kletnieks@...edu wrote:
> 
> >On Thu, 24 May 2007 14:47:27 -0000, Pavel Machek said:
> >>Yes, if there's significantly more remote bad guys than local bad
> >>guys, and if remote bad guys can't just get some local user first, AA
> >>still has some value.
> >
> >Experience over on the Windows side of the fence indicates that "remote bad
> >guys get some local user first" is a *MAJOR* part of the current real-world
> >threat model - the vast majority of successful attacks on end-user boxes 
> >these
> >days start off with either "Get user to (click on link|open attachment)" or
> >"Subvert the path to a website (either by hacking the real site or 
> >hijacking
> >the DNS) and deliver a drive-by fruiting when the user visits the page".
> 
> and if your local non-root user can create a hard link to /etc/shadow and 
> access it they own your box anyway (they can just set the root password to 
> anything they want). 

I think you need to look how unix security works:

pavel@amd:/tmp$ ln /etc/shadow .
pavel@amd:/tmp$ cat shadow
cat: shadow: Permission denied
pavel@amd:/tmp$

Yes, regular users are permitted to hardlink shadow, no, it is not a
security hole, yes, it is a problem for AA.
									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ