Re: [Full-disclosure] NETRAGARD-20060624 SECURITY ADVISORY] [ROXIO TOAST 7 TITANIUM - LOCAL ROOT COMPROMISE ]



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 23 Aug 2006 08:13:07 -0500 K F <kevin@xxxxxxxxxxxxx> wrote:
Propaganda Support wrote:

Then you aren't an admin user. You're using someone else's admin

account. This is not simply arguing over semantics. These
concepts are
well defined on Unix-based systems.
I must have missed that man page. I can't find the one that says
if you
don't have the password for user X then you are not user X.

If your argument is based primarily on allowing others to have
access
to an admin account which is not theirs (i.e., for which they do
not
have the password), then you really don't have much of an
argument. In
general, this is a VERY BAD IDEA, and is completely unnecessary
on a
multi-user system like OS X.

I assume you never considered that folks do gain access to peoples

accounts from time to time... so just for the sake of argument....
say I
take advantage of the latest lets say Bluetooth bug in OSX that
allows
me to obtain the privileges of the logged in user. I have caught
you
with your Bluetooth chip enabled and have managed to get a remote
shell
on your computer while you are logged in as an admin level user. I
am
now an admin level user regardless of having your password or
not...
(sure I can rm your home dir but I can't add a user or do anything
else
root level) By your understanding of an admin user it seems as if
you
have absolutely NO problem with me as an attacker simply making my
self
root at this point. You seem to hold no differentiation between
someone
that has gid=admin and root regardless of if they have a password
or not.

I am guessing that you also do not see an issue in the behavior of
not
re locking control panel (like OSX does by default) item as well?

-KF

Kind Regards,
-jeff

--Jeff Holland
http://propagandaprod.com



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Please take off topic discussions off list per the list charter.
Thank you kf.
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.5

wpwEAQECAAYFAkTsgFUACgkQ3AEcWsxdEQ7JowP/VFm1qPN+F5Fvy4gsDjlwOz0247Gn
NPLM5OFR1WfhoopfXgzAYlZ1awup2FNL7aR2EbZIzFtrkqVqKz4XcGOagThNGAbX37SN
fqyfi4cQC6ZpgPyRxhcons7/5yaixaFgKt6yC+mwlNr3P21krjKZoBedbyDsm+7cSXyo
t6stEFY=
=MIdf
-----END PGP SIGNATURE-----




Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



Relevant Pages

  • Re: [Full-disclosure] Governments Websites Pwned !!
    ... admin pass:admin:*4F7F6D6AF7CD8CD89967918F893DA545DDA85623 ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
    (Full-Disclosure)
  • Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins t
    ... [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts ... If you're a local admin, you can replace explorer.exe and access resources with the credentials of the logged-in user. ... Hosted and sponsored by Secunia - http://secunia.com/ ...
    (Full-Disclosure)
  • Re: World markets plunge on U.S. fears
    ... I'm sure the Admin will post the FAQ for the group soon. ... You are aware that a FAQ is not a charter? ... ignore conventions in usenet and almost always top post. ...
    (misc.news.internet.discuss)
  • RE: [Full-Disclosure] Re: IRCXpro 1.0 - Clear local and default remote admin passwords
    ... the addition of a "hard-key" would not ... (possibly a password that has to be entered by an admin? ... Subject: [Full-Disclosure] Re: IRCXpro 1.0 - Clear local and default ... Charter: http://lists.netsys.com/full-disclosure-charter.html ...
    (Full-Disclosure)