Re: [SLUG] Sony-BM Rootkit:

From: Paul M Foster (paulf@quillandmouse.com)
Date: Sun Nov 13 2005 - 13:10:12 EST


On Sun, Nov 13, 2005 at 11:20:17AM -0500, SOTL wrote:

> On Friday 11 November 2005 02:08 pm, Ian C. Blenke wrote:
> > The EFF is collecting a list of people who satisfy the following criteria:
> >
> > 1. you have a Windows computer;
> > 2. First 4 Internet's "xcp" copy protection has been installed on your
> > computer from a Sony CD (for more details, see our blog post
> > <http://www.eff.org/deeplinks/archives/004144.php> referenced above or
> > SysInternals blog
> > <http://www.sysinternals.com/blog/2005/10/bypass-traverse-checking-or-is-it.HTML>);
> > 3. you reside in either California or New York;
> > 4. you are willing to participate in litigation.
> >
> > They are considering litigation against Sony.
> >
> > If you were affected, contact allison@eff.org.
> >
> > - Ian C. Blenke <ian@blenke.com> http://ian.blenke.com/
>
> One or two of the news sites were reporting that not only was there a root kit
> for MS Windows but also one for Apple.
>
> If I recall correctly Apple's new OS is a BSD derivative.
>
> Assuming that the previous statement is true, could someone in very simple
> terms [10 words or less] explain how Sony can reliably install a root kit
> in a BSD system without root privileges? I thought [absent some
> configuration failure or coding failure, which Sony could not rely on to limit
> music playing] that this was completely 100% impossible.

We discussed this at the Dunedin meeting, but let's be more precise
about the setup in asking the question. Let's assume the computer is
connected to the internet via a firewall. Let's assume there are no
other users on the local LAN where the machine lives, and 0% likelihood
that some local user would exploit a software security flaw. Let's
assume the usual complement of services running on the box, like an MTA,
init, perhaps a SQL database server, cron, portmapper, etc. -- the usual
things a user would have running privileged on their computer. And let's
assume that the user, in conducting day-to-day activities, is running as
an unprivileged user. And in answering the question, assume one of two
scenarios: the firewall is not advertising to the internet anything
other than perhaps the SSH port, or the firewall is presenting an HTTP
port, SSH port and an FTP port. You can assume the user is actively
working on the machine, or away from the box.

The question is: under either one of these scenarios, could a serious
hacker install a rootkit, and how?

Paul
-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:01:19 EDT