Thus spake Robert Ransom (rransom.8774@xxxxxxxxx): > On Sat, 25 Sep 2010 17:04:14 -0700 > Mike Perry <mikeperry@xxxxxxxxxx> wrote: > > > Thus spake coderman (coderman@xxxxxxxxx): > > > > > however, if an attacker has access to read this locally they've > > > already compromised you to a degree that random mac affords no > > > protection... > > > > Is this really true? > > If you are running a hidden service, on a computer with no network > access except through Tor, no -- you might not be hosed just by an > attacker being able to run a shell command, but leaking an actual MAC > address from an actual NIC might get you tracked down. (An attacker > with shell access can read your MAC address on Linux just by running > ifconfig, even as an ordinary user.) Hah, yah, I forgot the context of this thread was hidden service threats. This thought popped into my head a day after reading coderman's original post and thinking about securing plugins in Google Chrome. But yes, your statement about command injection is absolutely true. In fact, in some cases commands that run may even be restricted by an AppArmour or SELinux policy (if you run Ubuntu 10 or Centos 5), but an attacker still could run some socket syscalls and commands with these limited privs. -- Mike Perry Mad Computer Scientist fscked.org evil labs
Attachment:
pgpCgRCP41nYA.pgp
Description: PGP signature