On Thu, 07 Jun 2007 05:21:06 PDT, Jonathan Leffler said:
> Wouldn't the person be able to do those things anyway? So, is there an
> actual risk of exploitation by someone unauthorized? If the person
> installing has the privileges to abuse their system and then subverts an
> installer into abusing their system, how much of a problem is it really?
The *real* attack vector here is "Can you, as an outsider, get the sysadmin
to run a installer script that *looks* OK at first glance, but ends up
doing something untoward by abusing the setup.exe that the sysadmin sees
in the script but doesn't actually look closely at"?
export LICENSE_KEY=`cat license.file`;
setup.exe
is a good way to get a blob of binary data into the environment without
too much scrutiny... now if you can get setup.exe to branch to it.. ;)
The *other* corner case to consider - the person has the privs, but is
untrustworthy, but wants to plant a backdoor for a co-conspirator without
the command audit trail showing anything untoward. "Hey, I didn't do it,
I just ran setup.exe to install the program. Take a look at the audit trail,
that's the only thing I ran..."
- application/pgp-signature attachment: stored
Received on Jun 08 2007
Intro
