[TriLUG] Privileges and Social Engineering
Jeff Tickle
jtickle at jtsoft.net
Sat Jun 12 18:25:43 EDT 2004
So on the Apple, does the user set the root password at some point? You
make a good point that there are still good vulnerabilities in the home
directory. I didn't think of those, and there's no real way around
them. And you'll always indeed have the very few people (but enough)
who install that cool program that "Bob" sent them. I don't suppose
there's any real good way of getting around the problem...
Oh well. It was just a thought. Possibly still not a bad idea, but
definitely not a 100% effective solution.
-Jeff
On Fri, 2004-06-11 at 19:41, Mike Johnson wrote:
> It's -soooo- much easier than this. Apple has solved this problem in
> OS X. It's so simple, it's brilliant. On first boot, a user is asked
> to create an account for themselves. This is usually their name, and
> they get an option for a nickname. Then, they -always- log in as this
> user. Root is not enabled (OS X is UNIX under the covers, remember) and
> this regular user is obviously limited in what they can do. If they
> want to break out of that, they either use sudo from the command line,
> or a pop-up screen comes up where they must enter their password. (Yes,
> there are still social engineering things that can be done here, but
> it's irrelevant, see below.)
>
> Now, all that said, keep in mind that a virus really doesn't need to be
> root to spread. It can do all that just fine as your user. Maybe add a
> little magic to your .bashrc, .profile, .cshrc, .login, etc just for
> fun. It can still read your address book, it can still send mail as
> you (for propagation), it can still be used as a zombie to DDoS SCO.
> And with its addition of itself into your startup scripts, it won't go
> away. Now, it's not difficult to get rid of the little beasty, and it
> can't leave behind a rootkit, but it never needed root access at any
> point along the way.
>
> Windows is a target rich environment, nothing more, nothing less. The
> virus that I just described is pretty much how they work on Windows,
> with the exception of adding themselves to the system startup. A virus
> like this would also work on Solaris, AIX, FreeBSD, and even, OMG,
> OpenBSD (and any other multiuser operating system). Hell, it could even
> work on an SELinux system. All it takes is an email that says 'hey, run
> this attached script'.
>
> Mike
--
Jeff Tickle <jtickle at jtsoft.net>
JTSoft.net
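The persistence Mike describes above, "a little magic" appended to .bashrc, .profile, .cshrc or .login, is something a user (or a helpdesk) can check for without root. The script below is an added example for this thread, not code from either poster: it audits a user's shell startup files against a recorded baseline digest and flags lines matching a few constructed heuristics (execution from temp directories, download-and-pipe-to-shell, embedded base64, backgrounded processes, sourcing from hidden directories). The file list, the heuristic patterns and the sample .bashrc are assumptions made for the example.

```python
# Added example (not from the TriLUG thread): audit a user's shell startup
# files for unexpected persistence entries. Heuristics, file list and the
# sample file contents are constructed for illustration.
import hashlib
import re
from pathlib import Path

# Startup files a login shell reads; an attacker-appended line in any of
# these runs at every login without needing root (assumed list).
STARTUP_FILES = [".bashrc", ".bash_profile", ".profile", ".cshrc", ".login", ".zshrc"]

# Heuristics: constructs that are unusual in a hand-written login script.
SUSPICIOUS = [
    (re.compile(r"/tmp/|/var/tmp/|/dev/shm/"),
     "runs something from a world-writable temp directory"),
    (re.compile(r"\b(curl|wget)\b.*\|\s*(ba|z)?sh\b"),
     "pipes downloaded content into a shell"),
    (re.compile(r"base64\s+(-d|--decode)"),
     "decodes an embedded base64 payload"),
    (re.compile(r"(^|[;&|]\s*)nohup\b|&\s*$"),
     "backgrounds a process at login"),
    (re.compile(r"(^|\s)(\.|source)\s+\S*/\.[A-Za-z0-9_]+/"),
     "sources a file from a hidden directory"),
]


def audit_startup_script(text):
    """Return a list of (line_number, line, reason) for lines that match a
    heuristic. Blank lines and comments are skipped; the first matching
    heuristic wins so each line is reported once."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        for pattern, reason in SUSPICIOUS:
            if pattern.search(stripped):
                findings.append((number, stripped, reason))
                break
    return findings


def file_digest(text):
    """SHA-256 of the file contents, used as the baseline fingerprint."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def check_against_baseline(name, text, baseline):
    """baseline maps filename -> sha256 recorded on a known-good day.
    Returns None when the file is unchanged, otherwise a short message."""
    if name not in baseline:
        return f"{name}: no baseline recorded, review manually"
    if baseline[name] != file_digest(text):
        return f"{name}: content changed since baseline"
    return None


def audit_home(home, baseline):
    """Walk the startup files under a home directory (real filesystem) and
    collect baseline drift plus heuristic findings per file."""
    report = {}
    for name in STARTUP_FILES:
        path = Path(home) / name
        if not path.is_file():
            continue
        text = path.read_text(errors="replace")
        report[name] = {
            "drift": check_against_baseline(name, text, baseline),
            "findings": audit_startup_script(text),
        }
    return report


# Constructed sample of a .bashrc with one appended persistence line.
CONSTRUCTED_BASHRC = """# ~/.bashrc (constructed sample, not a real file)
export PATH="$HOME/bin:$PATH"
alias ll='ls -la'
# line an unwanted script might append at login (constructed illustration):
nohup /tmp/.x/update.sh >/dev/null 2>&1 &
"""

# The same file as it looked before the line was added.
CONSTRUCTED_CLEAN = "\n".join(CONSTRUCTED_BASHRC.splitlines()[:3]) + "\n"


if __name__ == "__main__":
    baseline = {".bashrc": file_digest(CONSTRUCTED_CLEAN)}
    print(check_against_baseline(".bashrc", CONSTRUCTED_BASHRC, baseline))
    for number, line, reason in audit_startup_script(CONSTRUCTED_BASHRC):
        print(f"line {number}: {reason}: {line}")
```

The baseline check catches any change, including ones the heuristics miss; the heuristics then tell the user which line to look at. Recording the baseline digests right after setting up an account, and re-running the audit from cron or at login, is the cheap version of the point Mike makes: root was never involved, so a root-only integrity check would never see it.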