Re: which temp dir to use?
Re: which temp dir to use?
- Subject: Re: which temp dir to use?
- From: Michael Ash <email@hidden>
- Date: Mon, 25 May 2009 18:52:23 -0400
On Mon, May 25, 2009 at 6:18 PM, Kyle Sluder <email@hidden> wrote:
> On Mon, May 25, 2009 at 3:08 PM, Michael Ash <email@hidden> wrote:
>> Not at all. It doesn't change my point one whit. If A can command the
>> privileged process to do something nasty, then C can do it too.
>> (Possibly by breaking into A by one of the many mechanisms available
>> and forcing it to make an evil request, possibly by imitating what A
>> does.)
>
> Isn't that exactly what we're talking about? C impersonating A by
> swapping its own evil data into the channel A is using? It's a man in
> the middle attack. To defend against it, you need to authenticate the
> client *and* secure the channel. The authentication part was never
> mentioned because it's not pertinent to the flaw we're discussing,
> which is a function of using the filesystem to shuttle data around.
Right, and since you *can't* authenticate the client beyond "running
as user X", securing the channel against other code running as user X
is pointless.
It is very much worthwhile to protect your communications channel from
other users on the system. But there's really not much point in
protecting it from other *processes* running as the *same* user,
because they have a dozen other ways to break into the conversation if
they should so choose.
The authentication stuff is pertinent, because the AEWP is an example
of an API which works by having an unprivileged user process
communicate with a privileged process that does the work. A technique
which allows you to compromise a process which uses AEWP demonstrates
how this compromise can be done with any such setup, even using a
secure channel (which AEWP does).
Mike
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden