Subverting eTrust Access Control on UNIX (file execution)

[RexRufi <rexrufi () gmail com>]

One of my clients is using CA Access Control (formerly eTrust Access
Control) to restrict execution of certain binaries to specifically
authorized users. Does anyone know how eTrust determines matches for
purposes of restricting access, i.e. is it simply path/file name or is
there a hash used?

As an authorized unprivileged user, I picture subverting this by
simply uploading my own version of these binaries, if needed.  If
eTrust is using a hash, I'll need to modify these so that they no
longer match.

Any ideas? There is not much detailed eTrust documentation out there
in the public domain.

Thanks for your insight,

Rex

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------