From: Niklas Karlsson
Date: Tue, 1 Aug 2023 23:13:09 +0200
To: The Eunuchs Hysterical Society
Subject: [TUHS] Re: shell escapes in utilities
In-Reply-To: <20230801204800.wvlfp%steffen@sdaoden.eu>
List-Id: The Unix Heritage Society mailing list

On Tue, 1 Aug 2023 at 22:48, Steffen Nurpmeso <steffen@sdaoden.eu> wrote:

> Niklas Karlsson wrote in
>  |
>  |To be fair, local root exploits are a bit of a different animal from
>  |remote ones. Even now, if you have physical access to your average *nix
>  |box, you can likely gain root. Sure, there are ways and means of
>
> I find this a provocative statement even in the silly saison.
> I would assume that despite EFI firmware snooping key presses when
> entering the disk key on cold boot, or other sort of nifty spying
> (the famous USB sticks that "turn into keyboards and send key
> presses" (as root?) cross my mind), i would think that you have
> a hard time as a normal user to become root.  On this box; even
> though you are not further separated via "ip netns exec .. unshare
> .." etc.; some SETUID programs exist
>
> [...]

I'm sorry, I'm having trouble parsing what you're saying here, other than that a physically present user would have difficulty becoming root. But yes, obviously an encrypted disk would present a major obstacle.

>  |preventing that, but IME it's really only people doing really secret
>  |spook stuff that bother with those. Even engineering outfits with big
>  |secrets to protect usually don't bother.
>  |
>  |What you did with that RS/6000 sounds roughly equivalent to booting a
>  |modern Linux box in single-user mode, where you can also set the root
>  |password to anything you like.
>
> Not here.

Very well, then your installation is a lot more ambitious than most I've come across.

Niklas