Free Republic
Browse · Search
News/Activism
Topics · Post Article

To: antiRepublicrat
He took the OS X client (not Server) and started running various server services. With OS X the default install is everything off, which wasn't this test case. You need to follow good procedure when you start turning things on. OS X makes that bit easy.

So, obviously, whatever services he turned on are fundamentally insecure if they can be hacked that easily. What services are they?
60 posted on 03/06/2006 5:00:58 PM PST by DemosCrash
[ Post Reply | Private Reply | To 49 | View Replies ]


To: DemosCrash
So, obviously, whatever services he turned on are fundamentally insecure if they can be hacked that easily. What services are they?

I haven't seen the technicals of the hack yet. But it looks like he gave SSH access with a shell account to any hacker who wanted it. With that account, the hacker was able to elevate his privileges.

This is interesting as a local exploit. But I'll believe this as a good server example when it becomes common practice to give shell accounts to hackers.

Every multi-user OS I know has had privilege elevation exploits. They are a common danger. Normally when running a server, all of the service accounts do not have logon privileges (meaning a hacker exploiting a service can't use it to log on), only the local admin accounts do. That restricts the abilities of someone who hacked a service. The hacker is left with trying to exploit the flaws in that service to perform a privilege elevation, which is harder than if they could just log on.

76 posted on 03/07/2006 5:28:35 AM PST by antiRepublicrat
[ Post Reply | Private Reply | To 60 | View Replies ]
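
Added example, not part of the thread and not any poster's code: a check for the practice post 76 describes, service accounts that have no logon privileges. It reads passwd(5)-format lines and reports service accounts that still have a usable login shell; the UID threshold, the function names and the sample entries are assumptions made up for the illustration.

```shell
#!/bin/sh
# Added example: list service accounts that can still log on interactively.
# Input on stdin: passwd(5) lines, name:pw:uid:gid:gecos:home:shell.
# Assumptions (not from the thread): UID 0 is the admin account and may keep
# its shell; UIDs from 1 up to uid_min-1 are service accounts; shells whose
# basename is "nologin" or "false" refuse interactive logon.

audit_service_shells() {
    uid_min="${1:-1000}"    # lowest UID treated as a human account (assumed)
    awk -F: -v uid_min="$uid_min" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments, blank lines
        NF != 7 || $3 !~ /^[0-9]+$/ {              # not a valid passwd entry
            printf "MALFORMED line %d\n", NR; next
        }
        $3 + 0 == 0 || $3 + 0 >= uid_min + 0 { next }   # admin or human account
        {
            n = split($7, parts, "/")
            base = (n > 0) ? parts[n] : ""
            if (base == "nologin" || base == "false") next
            # passwd(5): an empty shell field means /bin/sh, so logon works
            shown = ($7 == "") ? "(empty, defaults to /bin/sh)" : $7
            printf "LOGIN-CAPABLE %s uid=%s shell=%s\n", $1, $3, shown
        }'
}

sample_passwd() {   # constructed sample, not from any real host
    cat <<'EOF'
# name:pw:uid:gid:gecos:home:shell
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www:x:70:70:web server:/var/www:/bin/sh
ftp:x:98:98:ftp:/var/empty:/bin/false
backup:x:34:34:backup:/var/backups:
alice:x:1001:1001:Alice:/home/alice:/bin/bash
EOF
}

sample_passwd | audit_service_shells 1000
```

On a Linux host the function can read `getent passwd` instead of the sample. A nologin shell only blocks interactive logon, so it limits what a compromised service account can do rather than removing the privilege elevation risk itself.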



FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson