| Sign In/My Account | View Cart |
Article:  |
Mac Security: Identifying Changes to the File System | |
| Subject: | Mac OS X Rootkits | |
| Date: | 2005-10-08 12:43:00 | |
| From: | macCompanion | |
|
See http://freaky.staticusers.net/ugboard/viewtopic.php?t=13891
|
||
Showing messages 1 through 4 of 4.
-
Mac OS X Rootkits
2005-10-09 06:21:54 peterhickman [View]
-
Mac OS X Rootkits
2005-10-12 16:38:18 hard-mac [View]
Opener never was a rootkit, very correct. Just a small POC to show what could happen on the OSX platform. It doesn't have to be installed locally as you say. NetCat was included because OS X never used to have a copy and the version it includes currently is still crippled.
peterhickman wrote: "So to install a rootkit to give you root access to a system you require root access, deeply flawed in my mind."
This is what a rootkit is, it is designed to keep root access on a box once you have it already. Not to get root, other exploits are used for this.
peterhickman wrote: "One day there will be a credible rootkit for OS X, but today I am not too worried."
As for real rootkits, Togroot is a pretty sad example. Have you looked at WeaponX yet. It's fairly powerful.
Cheers, hard-mac
Hardening Your Macintosh
http://members.lycos.co.uk/hardapple/
-
Mac OS X Rootkits
2005-10-13 13:58:41 peterhickman [View]
It's true that opener was never really a rootkit (even if it was the nearest that OS X has had to a rootkit scare). It was more of the 'look what we could do if we ever managed to root a system'.
But that said the first hurdle is to gain enough of a foothold on a system to install all the opener type tools in the first place, just because someone has gained access to your system does not mean that they have root. For me an essential part of a rootkit is the ability gain root from any foothold. Any such rootkit is to be truly feared.
Anything that will only work if it is given root on a plate is best described as proof of concept just like the proof of concept OS X viruses.
What you say is right and my go at Togroot was cheap shot but at this point I do not believe that we are facing a real threat.
For me a rootkit will allow a hacker to gain root access and so I see little threat on the horizon if they require root on a plate. Your definition does not require the ability to gain root access so you will be assessing things differently.
Perhaps we need a better taxonomy for rootkits, 'proactive rootkit' for those that can gain root themselves and 'nursery rootkit' for those that get it given to them.
Whatever species of rootkit it is, you wouldn't want it on your Mac.
-
Mac OS X Rootkits
2005-10-09 05:39:39 yvesdec [View]
It is a bit weird, they create scripts to hack systems but they have trouble downloading it and don't know how to compile a single c file :-\
| Privacy Policy > View Sample Newsletter > |
800-889-8969 or 707-827-7019 Monday-Friday 7:30am-5pm PT ©2011, O'Reilly Media, Inc. All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners. |
|
Can't quite work out why osxrk supplies a version of nc as it is already provided , at least in Tiger.
To give a feel for the lack of development we have this from the Togroot README.
Once loaded, Togroot will give you the ability to obtain root access simply by typing "/givemeroot" and typing "su", for example.
...
cp -R /path/to/togroot.kext /system/library/extensions/togroot.kext
Add sudo to the beginning if you are not currently root.
So to install a rootkit to give you root access to a system you require root access, deeply flawed in my mind.
One day there will be a credible rootkit for OS X, but today I am not too worried.