On Oct 6, 9:27 pm, Michel <[EMAIL PROTECTED]> wrote:
> > I helps a little, but getting from non-privileged shell to root shell
> > provided you have compilers isn't very hard.
Hello Michel,
>
> Do you claim any ordinary user can become root? I.e. that the
> unix security model is worthless? Surely this is not what you mean.
> Can you clarify?
>
What I mean with that is that with the current frequency of local
exploits reported with common operating systems, be it Linux, Windows,
MacOSX or whatever, the most difficult step is usually getting a local
[unprivileged] shell on the system one tries to penetrate. With a Sage
notebook installed, even in a change root environment, an attacker
already has a fully functioning python interpreter at his/her command
and via "system" a shell. So all it takes is an unpatched local
exploit and the box is pawned, assuming the attack is reasonably
skilled.
In the past many security penetrations for Linux boxen have been
traced to old kernels and usually stolen credentials for non-
privileged user accounts. One prime example was the pawning of a lot
of Debian servers, I am sure the vast majority of breaches are never
reported or at least don't make it into the news. The same applies to
OSX and Windows and to a lesser extend to *BSD and Solaris, mostly
because the skill set to attack *BSD and Solaris is less common these
days.
> Regards,
> Michel
Cheers,
Michael
--~--~---------~--~----~------------~-------~--~----~
To post to this group, send email to sage-devel@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/sage-devel
URLs: http://sage.scipy.org/sage/ and http://modular.math.washington.edu/sage/
-~----------~----~----~----~------~----~------~--~---
