[12909] in bugtraq
Re: Analysis of Tribe Flood Network
daemon@ATHENA.MIT.EDU (der Mouse)
Thu Dec 9 17:47:13 1999
Message-Id: <199912092144.QAA11807@Twig.Rodents.Montreal.QC.CA>
Date: Thu, 9 Dec 1999 16:44:09 -0500
Reply-To: der Mouse <mouse@RODENTS.MONTREAL.QC.CA>
From: der Mouse <mouse@RODENTS.MONTREAL.QC.CA>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM

> [...], and that some people still haven't realized that a root
> compromise means *total control* over the system's hard- and
> software..

Um, not quite - though admittedly pretty close. The main thing
cracking root doesn't get you is physical access. For example, if the
machine's only disk drive has its write-disable jumper in place, you
*can't* write to it, you *can't* trojan its executables, even if you
gained control of not only userland root but the kernel.

That's another thing root access doesn't give you - kernel control.
It's often a fairly short step, but not always.

> including denial of service, automated compromising of other
> machines, remote eavesdropping,

All true, assuming the kernel is willing to let root do those things.
There is no reason the kernel *has* to be willing to put the network
interface in promiscuous mode at all - indeed, it'd be fairly easy to
build a kernel that doesn't. And one box I've been considering putting
together wouldn't even have a userland to compromise; its raison
d'etre (if and when) is going to be a particular form of packet
forwarding, wholly in-kernel. No root to crack!

Not that this should render anyone complacent, of course. A root
compromise is pretty serious, and on most machines having root *does*
give you everything you could want.

der Mouse
mouse@rodents.montreal.qc.ca
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B