Local users get to play root?

Casey Dahlin cdahlin at redhat.com
Wed Nov 18 19:37:50 UTC 2009


On 11/18/2009 02:29 PM, Richard Hughes wrote:
> 2009/11/18 nodata <lsof at nodata.co.uk>:
>> You install software with a known buffer overflow before it is fixed and
>> exploit it. More software = more chances to exploit. Bingo!
> 
> Why would the additional package start extra services? I thought there
> were guidelines about that. Anyway, if the user has physical access to
> the machine, there are many quicker ways to root the box in question.
> (Like rebooting, and using grub to go to runlevel 1)
> 
> Richard.
> 

What if they don't? The mechanisms by which we are detecting and proving physical access are easily circumvented. If the buffer overflow allows arbitrary code execution, you need only an "open(/dev/console, ...)" to fool a lot of these mechanisms. Just because a program is interactive on a console does not mean that that's the /only/ place it's being controlled from.

--CJD




More information about the fedora-devel-list mailing list