"The user executes the file which contains shell commands that gain complete control over the computer."
Perhaps someone could verify the following.
If a user is logged in without privileges (not the admin user for example on Mac but a "standard user") then there is no (is there?) way to "gain complete control over the computer" without entering an admin user and password later in the process.
Typically I operate two (or more) logins under OSX. One is "standard" user and one is "admin" user. I only browse under "standard" user never under "admin" user. To me "admin" user really serves no purpose but needs to be there for obvious reasons.
This way I always have to enter the name of an admin user in order to install or make any system changes.
Further, from the command line I would need to do:
su <admin user name> [password]
and then
sudo -s [password]
Lots of interesting things can be done without root.
The author gives an example where he quits and re-launches Chrome with flag "--disable-web-security" which disables the same-origin policy. He launches Chrome to a webpage which then steals your Gmail session cookies.
Most of the useful things you do on your computer, accessing all of your data, etc. don't require root.
The obvious is that you think you're running "su" but you're really running some other command because your PATH is ~/.trojans:/bin:/usr/bin. They may not have immediate control, but they'll get it eventually.
That's after you run su. Just to be clear, I'm talking about an attacker fiddling with your path so you run fake-su, stealing your password, then calling su and making it look like nothing shady happened. By the time su is running, it's far too late for it to do anything.
An attacker can use a privilege escalation attack to execute as superuser, so even though there should be no way to "gain control of the entire computer" without the admin password, in practice this isn't the case.
Actually it is. When you are sudo you can practically do whatever you want, including opening a backdoor, adding another admin user, forwarding ports etc.
If you think you're downloading an installer you might very well enter your password in the pop-up dialog, since many installers ask for admin privileges and people are conditioned to think that is normal.
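The PATH tampering described in the thread above (a fake su found ahead of the real one) can be checked for from the standard account before typing a password. This script is an added example, not part of any comment; the function names and the TRUSTED_DIRS list are assumptions to adjust for your system.

```shell
#!/bin/sh
# Added example: audit a PATH value for command shadowing (e.g. ~/.trojans before /bin).
# TRUSTED_DIRS is an assumption; set it to where your OS installs su and sudo.
TRUSTED_DIRS="${TRUSTED_DIRS:-/bin:/sbin:/usr/bin:/usr/sbin}"

# is_trusted DIR: succeed if DIR is one of TRUSTED_DIRS.
is_trusted() {
    case ":$TRUSTED_DIRS:" in *":$1:"*) return 0 ;; esac
    return 1
}

# resolve CMD PATHVALUE: print the first executable CMD, searching in PATH order.
resolve() {
    _cmd=$1 _rest="$2:"
    while [ -n "$_rest" ]; do
        _dir=${_rest%%:*}; _rest=${_rest#*:}
        [ -n "$_dir" ] || _dir=.            # an empty entry means the current directory
        if [ -f "$_dir/$_cmd" ] && [ -x "$_dir/$_cmd" ]; then
            printf '%s\n' "$_dir/$_cmd"; return 0
        fi
    done
    return 1
}

# check_cmd CMD PATHVALUE: report OK, SHADOWED (found outside TRUSTED_DIRS) or MISSING.
check_cmd() {
    _hit=$(resolve "$1" "$2") || { printf 'MISSING %s\n' "$1"; return 2; }
    if is_trusted "${_hit%/*}"; then printf 'OK %s\n' "$_hit"; return 0; fi
    printf 'SHADOWED %s\n' "$_hit"; return 1
}

# risky_entries PATHVALUE: list entries that are relative/empty or writable by this user.
risky_entries() {
    _rest="$1:"
    while [ -n "$_rest" ]; do
        _dir=${_rest%%:*}; _rest=${_rest#*:}
        case $_dir in
            ''|[!/]*) printf 'relative:%s\n' "${_dir:-<empty>}" ;;
            *) if [ -w "$_dir" ]; then printf 'writable:%s\n' "$_dir"; fi ;;
        esac
    done
}

# Check the live environment; a trailing "/" on a PATH entry is not normalized here.
for c in su sudo; do check_cmd "$c" "$PATH" || :; done
risky_entries "$PATH"
```

A SHADOWED result, or a writable directory listed ahead of the system directories, means the name you type may not run the binary you expect; invoking it by absolute path sidesteps the PATH lookup.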