On Thu, 07 Jun 2007 05:21:06 PDT, Jonathan Leffler said: > Wouldn't the person be able to do those things anyway? So, is there an > actual risk of exploitation by someone unauthorized? If the person > installing has the privileges to abuse their system and then subverts an > installer into abusing their system, how much of a problem is it really? The *real* attack vector here is "Can you, as an outsider, get the sysadmin to run a installer script that *looks* OK at first glance, but ends up doing something untoward by abusing the setup.exe that the sysadmin sees in the script but doesn't actually look closely at"? export LICENSE_KEY=`cat license.file`; setup.exe is a good way to get a blob of binary data into the environment without too much scrutiny... now if you can get setup.exe to branch to it.. ;) The *other* corner case to consider - the person has the privs, but is untrustworthy, but wants to plant a backdoor for a co-conspirator without the command audit trail showing anything untoward. "Hey, I didn't do it, I just ran setup.exe to install the program. Take a look at the audit trail, that's the only thing I ran..."
Description: PGP signature