On 25 May 2009, at 20:23, Michael Ash wrote:
> On Sun, May 24, 2009 at 7:57 PM, Greg Guerin <glgue...@amug.org> wrote:
>> Michael Ash wrote:
>>> Malevolent process C fails.
>>
>> Or maybe malevolent process C works because it's running with the same uid
>> as unprivileged process A. The sticky-bit on a directory only prevents one
>> uid from interfering with another uid's files. It has no effect if the uids
>> of the processes are the same.
>
> To put it bluntly: so what?

Have you forgotten about B - a process running with escalated
privileges that A and C are trying to talk to?

> The UNIX security model fundamentally works at the user level, not the
> process level. There is essentially nothing in place to protect one
> process from attack by another.
>
> If the adversary is able to run code under your user, then you have
> already lost. He must be stopped before he gets that far. Trying to
> protect your application from attack by another application running
> under the same user is pointless.

Yes, you have lost, but not necessarily the owner of the computer and
not all the other people that use it. If the attacker has gained root
access, however, it's game over for everybody.

> Mike
_______________________________________________
Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/cocoa-dev/adc%40jeremyp.net
This email sent to a...@jeremyp.net