[cap-talk] Capabilities - the rub, an account

Sandro Magi smagi at higherlogics.com
Sat Nov 18 13:22:21 CST 2006


Jed at Webstart wrote:
> The most important factor in this area I think is that any
> proxying disappears when the active process doing the
> proxying goes away - as it inevitably does in many cases
> (often at a logout, a kill, but certainly when a system restarts
> in today's systems).
>   

Mallware, adware, etc. can install themselves as startup/boot services.

> Another factor I believe is that such proxying doesn't seem
> to be a practical problem from the security viewpoint.  Others
> can correct me, but I don't know of any instances of script
> kitties or the like installing proxy access.  I think part of the
> reason they don't is that such access isn't permanent enough
> to suit their needs (see above about the limited lifetime of
> processes).
>   

I think proxy access isn't used because it isn't necessary yet; far too
many easier exploits are still available. I mean, why go through all
this trouble when you can root a machine with a simple Javascript
script? Proxying will become more viable with increased security.

Sandro




More information about the cap-talk mailing list