Valdis.Kletnieksvt.edu
Date: Fri Jun 08 2007 - 12:10:14 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 07 Jun 2007 05:21:06 PDT, Jonathan Leffler said:
> Wouldn't the person be able to do those things anyway? So, is there an
> actual risk of exploitation by someone unauthorized? If the person
> installing has the privileges to abuse their system and then subverts an
> installer into abusing their system, how much of a problem is it really?

The *real* attack vector here is "Can you, as an outsider, get the sysadmin
to run a installer script that *looks* OK at first glance, but ends up
doing something untoward by abusing the setup.exe that the sysadmin sees
in the script but doesn't actually look closely at"?

export LICENSE_KEY=`cat license.file`;
setup.exe

is a good way to get a blob of binary data into the environment without
too much scrutiny... now if you can get setup.exe to branch to it.. ;)

The *other* corner case to consider - the person has the privs, but is
untrustworthy, but wants to plant a backdoor for a co-conspirator without
the command audit trail showing anything untoward. "Hey, I didn't do it,
I just ran setup.exe to install the program. Take a look at the audit trail,
that's the only thing I ran..."

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001

iD8DBQFGaY12cC3lWbTT17ARAoYXAJ0RSU9TxmJxZmFAYvW6KG4fSMTWlgCgzuKm
6xNE1nrV2dr/oKFKfNxD+Lg=
=z9xM
-----END PGP SIGNATURE-----

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]