[wplug] [Fwd: BSDCan 2005 - Hyper threading considered harmful]

Bill Moran wmoran at potentialtech.com
Mon May 16 08:27:21 EDT 2005


Cameron McBride <cameron.mcbride at gmail.com> wrote:

> In general, I agree with the several last non-alarmist opinions.
> 
> > So unless you have a system where there is more than one user (that is
> > not you) I would say don't worry at this time.
> 
> to be fair, this isn't exactly true.  Leaving this issue unresolved
> means that any local account can obtain root.  This could mean that
> once *any* account is compromised, there is yet another open avenue
> for privilege escalation.  A fair dose of paranoia can be healthy, and
> it's good to know what windows are left unlocked in one's house.

I want to back this point up, as I think it's very important.

If you leave HTT on, you leave a trampoline on your box that allows any
other exploit to potentially become a root exploit.  The most common
types of remote exploits are the ones that allow a "malicious user to
run arbitrary code as the user running the service".

A huge security trend of the last 5 years or so has been to ensure that
each service runs as its own user (i.e. Apache runs as www, sendmail runs
as mail, named runs as bind).  By doing this, you easily limit how much
damage a compromise of said service can accomplish.

... Unless you have a local privilege escalation exploit available on the
same machine.  Then, any remote exploit, of any user or any service becomes
a potential root.  This HTT exploit has the potential to be a local
privilege exploit, by exposing keys and passwords and anything else.

IOW: one layer is not layered security.

I intend to take this very seriously, and I think everyone else should as
well.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com

