[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Local users get to play root?

Once upon a time, Richard Hughes <hughsient gmail com> said:
> 2009/11/19 Chris Adams <cmadams hiwaay net>:
> > Once upon a time, Ricky Zhou <ricky fedoraproject org> said:
> >> I might be wrong on this, but wouldn't the attacker need to trick
> >> yum/packagekit into using the malicious repo first?  I didn't think that
> >> was allowed for non-root users.
> >
> > 1.5 words: NetworkManager.  Think about it.
> 2 words: Package signing.
> If the key is different to the one that was preciously imported, you
> need the root password.

2 words: replay attack.

So there are no packages in releases/12/Everything that have privilege
escalation bugs?  All I have to do is wait for one to be found, and I
have a signed path to root.  Even if the package is fixed in updates, I
just have to have a custom updates repo without it.

Chris Adams <cmadams hiwaay net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]