Dailydave mailing list archives

Re: PrivSep


From: "Darren Spruell" <phatbuckett () gmail com>
Date: Tue, 19 Jun 2007 16:16:44 -0700

On 6/19/07, Sebastian Krahmer <krahmer () suse de> wrote:


> Not to mix up with Priv Sepp which is me (maybe only a funny joke in
> German:)
>
> http://c-skills.blogspot.com/2007/06/note-on-privilege-separation.html
>
> Especially the recursive aspect of sneaking into a session makes this
> a real problem.

Interesting, but is there ever an assumption that these sessions are
"secured" from the superuser in Unix in the first place?

- root has direct access to memory to retrieve session keying material
- root can read the shadow password file
- root can trojan/patch sshd to collect credentials and session data
- root can read/write the pty
- ...

Seems like fearing root on a (local or remote) system you're logging
into is a little redundant.

DS
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

