On Tue, 6 Aug 2002, Bill Bogstad wrote:

> David Kramer wrote:
> > On Tue, 6 Aug 2002, Bill Bogstad wrote:
> > > So a command line overflow exploit in a setuid-root ps binary on a UNIX machine is unimportant because you shouldn't ever let 'bad people' have a login on your machine? I thought security was about being able to limit the resources that a user could access on a machine even when they had some level of legal access. You seem to be advocating a security model of 'good' and 'bad' users where 'good users' can do anything and 'bad users' can do nothing. Maybe you missed the part where this worked via terminal services as well. You don't need physical access, apparently you only need the equivalent of a UNIX login. I believe that any operating system vendor who claims that something isn't a security issue because you have to have some level of valid access to exploit it should be condemned. PERIOD.
> >
> > OK, I should have been more explicit. When you have a bad person sitting in front of your WINDOWS computer, is what I meant.
>
> I'm afraid I don't follow you. The article clearly states that this is exploitable even if you don't have physical access to the computer. All you need is logical (Windows terminal server) access. I agree that physical access to the unit actually implementing the security system means all bets are off. Although what that means is subject to discussion. I don't think keyboard/mouse/monitor access is sufficient. If I put you on the other end of long cables without access to the actual CPU box, that shouldn't automatically give you any more privileges than if your access is via a network card.

You're right, I always think of Windows as only being accessible while sitting in front of it, because that's the only way I've ever used it.
----------------------------------------------------------------------------
David Kramer    david at thekramers.net    http://thekramers.net
"The water was not fit to drink. To make it palatable, we had to add whiskey. By diligent effort, I learned to like it."
- Sir Winston Churchill (1874-1965)