[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PackageKit policy: background and plans



On Friday 20 November 2009 12:33:20 am James Morris wrote:
> On Thu, 19 Nov 2009, Conrad Meyer wrote:
> > > I think it's fair to say that having this happen as root would
> > > generally be worse than it happening as an unprivileged user.  For the
> > > latter, the attacker would need to also then succeed with a local
> > > privilege escalation attack to the same effect.
> >
> > On the contrary. On the typical single user system, it's just as bad if
> > an attacker can steal / delete / modify the user's files as it is if the
> > attacker can modify / delete system files. Privilege escalation isn't
> > needed to delete everything the single user cares about.
> 
> Note that I said generally.
> 
> ...
> 
> There are many possible scenarios where an attacker would want more
> privileged access to the system, e.g. install rootkits/firmware kits,
> modify firewall settings, run network services, attack other systems,
> evade detection etc.  IOW, the current landscape of windows malware,
> data-stealing worms, botnets and so on.
> 
> Getting root access is much more valuable in the general case.
> 
> There are also the separate issues, as I mentioned subsequently, of
> increasing the attack surface, breaking the MAC model, and executing at
> full system privilege (also, without further authorization).
> 
> I think we're throwing away a lot of well-established security benefit in
> moving away from the simple model of using a root/wheel account (or sudo)
> for admin and a separate user account for everything else.

I agree with this. 

-- 
Conrad Meyer <cemeyer u washington edu>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]