Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

dailydave logo Dailydave mailing list archives

Re: PrivSep
From: "Darren Spruell" <phatbuckett () gmail com>
Date: Tue, 19 Jun 2007 16:16:44 -0700
On 6/19/07, Sebastian Krahmer <krahmer () suse de> wrote:



Not to mix up with Priv Sepp wich is me (maybe only a funny joke in
german:)

http://c-skills.blogspot.com/2007/06/note-on-privilege-separation.html

Especially the recursive aspect of sneaking into a session makes this
a real problem.


Interesting, but is there ever an assumption that these sessions are
"secured" from the superuser in Unix in the first place?

- root has direct access to memory to retrieve session keying material
- root can read the shadow password file
- root can trojan/patch sshd to collect credentials and session data
- root can read/write the pty
- ...

Seems like fearing root on a (local or remote) system you're logging
into is a little redundant.

DS
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

  By Date           By Thread  

Current thread:
  • PrivSep Sebastian Krahmer (Jun 19)
    • Re: PrivSep Darren Spruell (Jun 20)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]