
Thread: Are apparmor profiles available for rhythmbox or Totem?

  1. #31
    Join Date
    Mar 2011
    Beans
    669

    Re: Are apparmor profiles available for rhythmbox or Totem?

    I don't know enough about how OSX/BSD permissions work. I would think it's as simple as Windows - you can download and execute any .exe or .msi or whatever.

    If the exploit gives them root it can do whatever. If the permissions allow the program to manipulate the permissions of files that it owns, it can change the payload how it likes. It could mmap() or VirtualAlloc() it and get it to execute that way.

    Not really sure how it did it or how the best way to go about doing it would be.

  2. #32
    Join Date
    Jan 2008
    Location
    USA
    Beans
    971
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Are apparmor profiles available for rhythmbox or Totem?

    Quote Originally Posted by Hungry Man
    I don't know enough about how OSX/BSD permissions work. I would think it's as simple as Windows - you can download and execute any .exe or .msi or whatever.
    Yeah, from reading I found out that OSX uses the default umask of 022, which is the same as most Linux distros. This means new files should not be executable.

    If the exploit gives them root it can do whatever. If the permissions allow the program to manipulate the permissions of files that it owns, it can change the payload how it likes. It could mmap() or VirtualAlloc() it and get it to execute that way.
    Yeah, this malware didn't need root -- it worked directly within the user's directory. So, I was just wondering how it overcame the umask setting. Only thing I can figure is that since it exploited the browser, it may have gained the permissions that way (i.e., it assumes the same permissions the browser has automatically, which probably allows it to execute). Though this is just a guess.
    Occam's Razor for computers: Viruses must never be postulated without necessity -- nevius


  3. #33
    Join Date
    Mar 2011
    Beans
    669

    Re: Are apparmor profiles available for rhythmbox or Totem?

    It wouldn't get the browser's permissions, it's just a plugin and it has its own separate permissions.
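
On the umask question raised in post #32, an added example (not part of the thread): umask 022 only clears bits from the mode requested when a file is created, and the file's owner can still set the execute bit afterwards without root. The file name, function names and the `executable_files` audit helper are illustrative assumptions.

```python
import os
import stat
import tempfile

def mode_at_creation(requested: int, umask: int) -> int:
    """Permission bits a new file gets: requested bits with umask bits cleared."""
    return requested & ~umask & 0o777

def create_then_chmod(umask: int = 0o022):
    """Return (mode right after creation, mode after the owner adds u+x)."""
    previous = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as workdir:
            path = os.path.join(workdir, "sample.bin")  # constructed sample file
            # Most programs request 0666 for regular files; umask trims that.
            fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o666)
            os.close(fd)
            created = stat.S_IMODE(os.stat(path).st_mode)
            # chmod is not filtered by umask; ownership is the only requirement.
            os.chmod(path, created | stat.S_IXUSR)
            changed = stat.S_IMODE(os.stat(path).st_mode)
            return created, changed
    finally:
        os.umask(previous)

def executable_files(root: str):
    """Audit helper: regular files under root with any execute bit set."""
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if stat.S_ISREG(st.st_mode) and st.st_mode & 0o111:
                hits.append(full)
    return sorted(hits)

if __name__ == "__main__":
    created, changed = create_then_chmod()
    print(f"created {created:o}, after chmod {changed:o}")
```

Because umask is a creation-time default and not an enforcement boundary, blocking execution from user-writable paths needs a control that applies at exec time, such as a noexec mount or an AppArmor profile that grants no execute permission on those paths.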
