so, if the attacker can execute programs on the users machine, the game is lost ... this never made any sense to me , I don't get it
You seem to live in a world where every user "owns" its machine. While this is common at home, quite the opposite is true in business and educational environments. Lots of machines are managed by a few administrators, and the users have only limited privileges on the machines.
Some of the users want to have more control over their machines, but don't want to go the official way to get more privileges - for example, because the admins don't want a first-year student to gain root access on the university's fileservers.
So there are only two ways to gain root: Trick the admins into giving you root privileges, or find a bug that gives you root privileges. See https://en.wikipedia.org/wiki/Social_engineering_%28security%29 for the first way. The other way attacks programs that run with elevated privileges (cron jobs, set-uid programs), sometimes also the network or the physical security of the servers.
A program that predictably creates or deletes files in user-controllable directories while running with elevated privileges is a good target, as explained before. It becomes an even better target for an attack if the contents of the files can be influenced by the user.
Alexander
--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
| [reply] |
You seem to live in a world where every user "owns" its machine...
Yeah, thats just the same old hypothetical story, an admin might be fooled into running a program from user writable directory and this is bad and not merely a bad admin
I don't see any bug reports to PAR/PAR::Packer about this
As an asides, against PAR/pp might make a good of its own
| [reply] |
As an asides, advocating against PAR/pp might make a good thread of its own
| [reply] |