Re: Subverting eTrust Access Control on UNIX (file execution)

[Tim Brown <tmb () 65535 com>]

On Wednesday 10 December 2008 16:30:30 arvind doraiswamy wrote:
> Well .. Not totally related this. Alll the same you'd need to gain
> access to the system someway (vuln, open share, webdav, default
> password, ftp whatever) before you'd think of uploading binaries.
> Unless you already gained access to those folders. And if you've got
> as much access as that .. you would probably just be able to turn
> things off itself or drop a rootkit in there as a POC. Just another
> way of thinking - You might not need to bypass at all.

Not necessarily true, AC doesn's use OS privileges when authorising/denying 
access. One purpose of it is to neuter OS level accounts.  For example, using 
AC I could remove all privileges from the root user and reassign them to 
someone else.  That being said, disabling it is a valid point.  "secons -s" 
is your friend in this regard *assuming* you have access to an account that 
is defined as an AC admin in the local policy being enforced.

Tim
-- 
Tim Brown
<mailto:tmb () 65535 com>

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------