Re: what's with the admin privilege business

  • Subject: Re: what's with the admin privilege business
  • From: Todd Heberlein <email@hidden>
  • Date: Tue, 26 Jan 2010 10:14:39 -0800

> Caution is exactly the point — all of these tools snoop on (or alter) the memory or activities of other processes. The system calls they use are only available to processes with admin privileges, because they can be misused by malware.
>
> For example, sweeping through Safari's or Mail's address space looking for strings will probably turn up passwords.

Once upon a time I observed an attacker use the gcore command line tool on Solaris to dump kernel memory in order to retrieve passwords from the shadow password file that had been cached in memory. I've never "debugged" other processes, but I can see how these tools, in their effort to be helpful, could also be dangerous.

Todd

 _______________________________________________
Xcode-users mailing list      (email@hidden)

References: 
 >what's with the admin privilege business (From: David Penton <email@hidden>)
 >Re: what's with the admin privilege business (From: Jens Alfke <email@hidden>)
