What about a virtualized system for each user? On Oct 6, 3:43 pm, mabshoff <[EMAIL PROTECTED] dortmund.de> wrote: > On Oct 6, 9:27 pm, Michel <[EMAIL PROTECTED]> wrote: > > > > I helps a little, but getting from non-privileged shell to root shell > > > provided you have compilers isn't very hard. > > Hello Michel, > > > > > Do you claim any ordinary user can become root? I.e. that the > > unix security model is worthless? Surely this is not what you mean. > > Can you clarify? > > What I mean with that is that with the current frequency of local > exploits reported with common operating systems, be it Linux, Windows, > MacOSX or whatever, the most difficult step is usually getting a local > [unprivileged] shell on the system one tries to penetrate. With a Sage > notebook installed, even in a change root environment, an attacker > already has a fully functioning python interpreter at his/her command > and via "system" a shell. So all it takes is an unpatched local > exploit and the box is pawned, assuming the attack is reasonably > skilled. > > In the past many security penetrations for Linux boxen have been > traced to old kernels and usually stolen credentials for non- > privileged user accounts. One prime example was the pawning of a lot > of Debian servers, I am sure the vast majority of breaches are never > reported or at least don't make it into the news. The same applies to > OSX and Windows and to a lesser extend to *BSD and Solaris, mostly > because the skill set to attack *BSD and Solaris is less common these > days. > > > Regards, > > Michel > > Cheers, > > Michael
--~--~---------~--~----~------------~-------~--~----~ To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/sage-devel URLs: http://sage.scipy.org/sage/ and http://modular.math.washington.edu/sage/ -~----------~----~----~----~------~----~------~--~---
