Zlib security heads up

David Chase chase at world.std.com
Mon Mar 18 20:59:36 UTC 2002


At 11:34 AM 3/18/2002 -0800, Duane Maxwell wrote:
>The "potential root exploit" for this "glitch" (to use the official happy
>friendly Microsoft term for "gaping security hole") is hard to imagine if
>the program being attacked does not run as root.

Your imagination is insufficiently pathological.  Many years ago,
I crafted a delightful shell-script trojan that would masquerade
as "ls" and "rm".  Drop one in /tmp, wait for someone with "."
on the front of their path to say "ls" or "rm" in that directory,
and it propagates itself to wherever it can, in particular on every
writeable directory on the attackee's path.  Soon enough, it nabbed
"root".  ("Root" was not happy.)

Of course, on Windows, running with lots-o-privileges is a common
thing, and (I suspect that) a user may be allowed to turn off
his/her own anti-viral shields in browsers and mail readers.  I
agree, it would be a tricky endeavor, but people solve tricky
problems all the time, so we should assume a motivated bad guy
could solve this one, too.

David Chase
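
The following is an added example, not part of the original message or written by its author. It is a defensive check for the two conditions the message relies on: a PATH that searches the current directory, and PATH directories that others can write to. The function name `audit_path` and the finding labels are hypothetical, and group- or world-writable permission bits are used as the assumed test for "writeable".

```shell
#!/bin/sh
# Added example: audit a PATH string for the conditions described above.
# audit_path is a hypothetical helper name, not an existing tool.
# Prints one finding per line; returns 1 if any finding was printed, else 0.
audit_path() {
    ap_rest="$1:"        # sentinel ':' so a trailing empty entry is still seen
    ap_findings=0
    while [ -n "$ap_rest" ]; do
        ap_entry=${ap_rest%%:*}     # text before the first ':'
        ap_rest=${ap_rest#*:}       # text after the first ':'
        case $ap_entry in
            ''|.)
                # An empty entry means "current directory", the same as "."
                echo "CWD: entry '$ap_entry' searches the current directory"
                ap_findings=$((ap_findings + 1))
                continue ;;
            /*) ;;                  # absolute path: check permissions below
            *)
                echo "RELATIVE: '$ap_entry' depends on the current directory"
                ap_findings=$((ap_findings + 1))
                continue ;;
        esac
        [ -d "$ap_entry" ] || continue   # skip entries that are not directories
        # -L follows symlinks so the mode shown is the target directory's
        ap_mode=$(ls -ldL "$ap_entry" 2>/dev/null) || continue
        case $ap_mode in
            d????w*|d???????w*)     # group-write or world-write bit is set
                echo "WRITABLE: '$ap_entry' is group- or world-writable"
                ap_findings=$((ap_findings + 1)) ;;
        esac
    done
    [ "$ap_findings" -eq 0 ]
}

# Check the PATH of the shell that runs this script.
audit_path "$PATH" || echo "PATH has entries that need attention" >&2
```
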





More information about the Squeak-dev mailing list