Vuln Dev
Re: Vulnerability Disclosure Jun 07 2007 12:21PM
Jonathan Leffler (jleffler us ibm com) (1 replies)
Re: Vulnerability Disclosure Jun 08 2007 05:10PM
Valdis Kletnieks vt edu (2 replies)
On Thu, 07 Jun 2007 05:21:06 PDT, Jonathan Leffler said:
> Wouldn't the person be able to do those things anyway? So, is there an
> actual risk of exploitation by someone unauthorized? If the person
> installing has the privileges to abuse their system and then subverts an
> installer into abusing their system, how much of a problem is it really?

The *real* attack vector here is "Can you, as an outsider, get the sysadmin
to run a installer script that *looks* OK at first glance, but ends up
doing something untoward by abusing the setup.exe that the sysadmin sees
in the script but doesn't actually look closely at"?

export LICENSE_KEY=`cat license.file`;

is a good way to get a blob of binary data into the environment without
too much scrutiny... now if you can get setup.exe to branch to it.. ;)

The *other* corner case to consider - the person has the privs, but is
untrustworthy, but wants to plant a backdoor for a co-conspirator without
the command audit trail showing anything untoward. "Hey, I didn't do it,
I just ran setup.exe to install the program. Take a look at the audit trail,
that's the only thing I ran..."

Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001


[ reply ]
Re: Vulnerability Disclosure Jun 16 2007 07:36PM
Lincoln Yeoh (lyeoh pop jaring my)
Re: Vulnerability Disclosure Jun 08 2007 05:33PM
Jonathan Leffler (jleffler us ibm com)


Privacy Statement
Copyright 2010, SecurityFocus