[TriLUG] Privileges and Social Engineering

Jeff Tickle jtickle at jtsoft.net
Sat Jun 12 18:25:43 EDT 2004


So on the Apple, does the user set the root password at some point?  You
make a good point that there are still good vulnerabilities in the home
directory.  I didn't think of those, and there's no real way around
them.  And you'll always indeed have the very few people (but enough)
who install that cool program that "Bob" sent them.  I don't suppose
there's any real good way of getting around the problem...

Oh well.  It was just a thought.  Possibly still not a bad idea, but
definitely not a 100% effective solution.

-Jeff

On Fri, 2004-06-11 at 19:41, Mike Johnson wrote:
> It's -soooo- much easier than this.  Apple has solved this problem in 
> OS X.  It's so simple, it's brilliant.  On first boot, a user is asked
> to create an account for themselves.  This is usually their name, and
> they get an option for a nickname.  Then, they -always- log in as this
> user.  Root is not enabled (OS X is UNIX under the covers, remember) and
> this regular user is obviously limited in what they can do.  If they
> want to break out of that, they either use sudo from the command line,
> or a pop-up screen comes up where they must enter their password. (Yes,
> there are still social engineering things that can be done here, but
> it's irrelevant, see below.)
> 
> Now, all that said, keep in mind that a virus really doesn't need to be
> root to spread.  It can do all that just fine as your user.  Maybe add a
> little magic to your .bashrc, .profile, .cshrc, .login, etc just for
> fun.  It can still read your address book, it can still send mail as
> you (for propagation), it can still be used as a zombie to DDoS SCO.
> And with its addition of itself into your startup scripts, it won't go
> away.  Now, it's not difficult to get rid of the little beasty, and it
> can't leave behind a rootkit, but it never needed root access at any
> point along the way.
> 
> Windows is a target rich environment, nothing more, nothing less.  The
> virus that I just described is pretty much how they work on Windows,
> with the exception of adding themselves to the system startup.  A virus
> like this would also work on Solaris, AIX, FreeBSD, and even, OMG,
> OpenBSD (and any other multiuser operating system).  Hell, it could even
> work on an SELinux system.  All it takes is an email that says 'hey, run
> this attached script'.
> 
> Mike
-- 
Jeff Tickle <jtickle at jtsoft.net>
JTSoft.net
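A defender-side check for the user-level persistence Mike describes above (a program appending itself to .bashrc, .profile and friends, no root required). This is an added example, not code from the thread or from TriLUG; the file list, the heuristics and the sample .bashrc are constructed assumptions.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Startup files named in the thread, plus two common equivalents. Anything
# appended here re-runs at every login with the user's privileges alone.
STARTUP_FILES = (".bashrc", ".profile", ".cshrc", ".login", ".bash_profile", ".zshrc")

# Heuristics (assumed, not a signature) for lines that fetch, decode or
# background something at login.
SUSPICIOUS = re.compile(
    r"(curl|wget)\b[^|]*\|\s*(ba|z|k)?sh\b"       # download piped into a shell
    r"|base64\s+(-d|--decode)"                     # decoding an embedded payload
    r"|\beval\s+\"?\$\("                           # eval of a command substitution
    r"|(^|[;&|]\s*)nohup\s"                        # detached background process
    r"|(^|\s)(\./|~/|\$HOME/)\.[A-Za-z0-9_.-]+/\S+\s*&\s*$"  # hidden dir, backgrounded
)

def snapshot(home: Path) -> dict[str, str]:
    """Record a SHA-256 per startup file present under home (the baseline)."""
    return {name: hashlib.sha256((home / name).read_bytes()).hexdigest()
            for name in STARTUP_FILES if (home / name).is_file()}

def changed_files(home: Path, baseline: dict[str, str]) -> list[str]:
    """Startup files that appeared, vanished or changed since the baseline."""
    current = snapshot(home)
    return sorted(name for name in set(baseline) | set(current)
                  if baseline.get(name) != current.get(name))

def suspicious_lines(path: Path) -> list[tuple[int, str]]:
    """(line number, text) for non-comment lines matching the heuristics."""
    hits = []
    for lineno, line in enumerate(path.read_text(errors="replace").splitlines(), 1):
        stripped = line.strip()
        if stripped and not stripped.startswith("#") and SUSPICIOUS.search(stripped):
            hits.append((lineno, stripped))
    return hits

def demo() -> dict:
    """Constructed sample: a clean .bashrc, then one appended self-starting line."""
    home = Path(tempfile.mkdtemp())
    rc = home / ".bashrc"
    rc.write_text("# ~/.bashrc\nexport PATH=$HOME/bin:$PATH\nalias ll='ls -l'\n")
    baseline = snapshot(home)
    with rc.open("a") as fh:                      # simulated tampering after baseline
        fh.write("$HOME/.cache/.upd/agent &\n")
    return {"changed": changed_files(home, baseline), "hits": suspicious_lines(rc)}
```

Run `snapshot()` when the account is known-clean and `changed_files()` on a schedule; a changed startup file with no matching heuristic still deserves a look, since the patterns only cover the obvious cases.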