Vulnerability Development mailing list archives
Re: Vulnerability Disclosure
From: Valdis.Kletnieks () vt edu
Date: Fri, 08 Jun 2007 13:10:14 -0400
On Thu, 07 Jun 2007 05:21:06 PDT, Jonathan Leffler said:
> Wouldn't the person be able to do those things anyway? So, is there an actual risk of exploitation by someone unauthorized? If the person installing has the privileges to abuse their system and then subverts an installer into abusing their system, how much of a problem is it really?

The *real* attack vector here is "Can you, as an outsider, get the sysadmin to run an installer script that *looks* OK at first glance, but ends up doing something untoward by abusing the setup.exe that the sysadmin sees in the script but doesn't actually look closely at"?

    export LICENSE_KEY=`cat license.file`; setup.exe

is a good way to get a blob of binary data into the environment without too much scrutiny... now if you can get setup.exe to branch to it.. ;)

The *other* corner case to consider - the person has the privs, but is untrustworthy, but wants to plant a backdoor for a co-conspirator without the command audit trail showing anything untoward. "Hey, I didn't do it, I just ran setup.exe to install the program. Take a look at the audit trail, that's the only thing I ran..."
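
A pre-install review check for the pattern described in the message above, added here as an example and not part of the original post: it finds command substitutions in a script that load a file into a variable and reports files that do not look like a short text key. The function names, the 256-byte ceiling and the sample script and files are assumptions constructed for illustration.

```python
import re
import string

# Matches VAR=`cat FILE` or VAR=$(cat FILE), with an optional leading "export".
ASSIGN_RE = re.compile(
    r"""(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)=    # variable name
        (?:`|\$\()\s*cat\s+([^\s`)]+)\s*(?:`|\))   # substitution that reads a file
    """,
    re.VERBOSE,
)
PRINTABLE = set(string.printable.encode("ascii"))
MAX_LEN = 256  # assumed ceiling for a plausible licence key, in bytes


def binary_ratio(data: bytes) -> float:
    """Fraction of bytes that fall outside printable ASCII."""
    if not data:
        return 0.0
    return sum(b not in PRINTABLE for b in data) / len(data)


def audit_script(script: str, files: dict) -> list:
    """Return (line_no, variable, file, reason) for each assignment worth a closer look."""
    findings = []
    for line_no, line in enumerate(script.splitlines(), start=1):
        for var, path in ASSIGN_RE.findall(line):
            data = files.get(path)
            if data is None:
                findings.append((line_no, var, path, "file not available for review"))
            elif binary_ratio(data) > 0:
                findings.append((line_no, var, path, "non-printable bytes"))
            elif len(data) > MAX_LEN:
                findings.append((line_no, var, path, "longer than expected"))
    return findings


# Constructed sample: the one-liner from the message plus a benign assignment.
SCRIPT = (
    "#!/bin/sh\n"
    "export LICENSE_KEY=`cat license.file`; setup.exe\n"
    "REGION=$(cat region.txt)\n"
)
# Constructed file contents: 256 high-bit bytes versus a short text value.
FILES = {"license.file": bytes(range(0x80, 0xC0)) * 4, "region.txt": b"eu-west\n"}

if __name__ == "__main__":
    for finding in audit_script(SCRIPT, FILES):
        print("line %d: %s <- %s: %s" % finding)
```

The check only covers the `cat FILE` form of substitution; a script that fills the variable another way needs its own review.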