Subject: Re: Apple switches to intel -- welcome to the 'historic section',
To: Erik Winkler <ewinkler@erols.com>
From: Dan LaBell <dan4l-nospam@verizon.net>
List: port-macppc
Date: 06/07/2005 19:53:54
On Jun 7, 2005, at 8:55 AM, Erik Winkler wrote:

> I perform security penetration tests on internal corporate networks 
> all the time for my clients.  I can't remember the last time I didn't 
> fully compromise a company's Windows-based domain control in the space 
> of a few hours.  It's not the processor that leads to worms or viruses, 
> it's the OS.  MacOSX is based on BSD Unix and has all BSD's security 
> strengths.  These strengths will be maintained with the switch to 
> Intel.  When you

I understand the strengths of Unix over Windows, and I was misusing 
the term shellcode somewhat. What I meant is that with the machine code 
the same, byte order the same, word alignment the same, one worm could 
simply add some selection and iteration and try the exploit on multiple 
targets in 1 buffer, a 'fat/universal binary' shellcode. Considering 
that no-ops are usually used to pad the buffer since the exact entry 
point can vary, PPC shellcode would break right there if used on x86, 
and vice versa, and now maybe not.  So, perhaps a new avenue for 
viruses in multimedia files and the like.

Also, sudo on macosx is basically a root shell; it is not limited in 
any way as to what the sudoers can do. I'm guessing a worm or trojan 
dropper could be written, probably already has been, that lurks around 
until the admin authenticates and slips in before the time expires, or 
he or she does a sudo -k (if a user can slip in this way, why not a 
virus or worm?).

Didn't the Morris Worm work on multiple Unix platforms, including 
BSD-based systems?
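
The cached-credential window and unrestricted sudoers rule raised in the message above are both controlled by sudoers settings. As an added example (not part of the original message), this Python check audits sudoers text for a non-zero `timestamp_timeout`, a ticket shared across terminals, and `ALL` command grants; the sample files and finding labels are constructed, and it assumes simple one-line entries without aliases or includes.

```python
import re

# Constructed sample: admin group with unrestricted sudo, no ticket settings.
WEAK = """\
Defaults env_reset
%admin ALL=(ALL) ALL
"""

# Constructed sample: password required every time, ticket bound to the tty,
# and the group limited to one command.
HARDENED = """\
Defaults env_reset
Defaults timestamp_timeout=0, timestamp_type=tty
%admin ALL=(ALL) /usr/sbin/softwareupdate
"""

DEFAULTS = re.compile(r"^Defaults\S*\s+(.*)$")
# user host = [(runas)] [NOPASSWD:] ALL  -> any command may be run
RULE_ALL = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(?:NOPASSWD:\s*)?ALL$")

def audit_sudoers(text):
    """Return finding labels for the exposure described in the message."""
    timeout, global_ticket, findings = None, False, []
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        m = DEFAULTS.match(line)
        if m:
            for opt in (o.strip() for o in m.group(1).split(",")):
                key, _, val = (p.strip() for p in opt.partition("="))
                if key == "timestamp_timeout" and val:
                    timeout = float(val)
                elif key == "!tty_tickets" or (key, val) == ("timestamp_type", "global"):
                    global_ticket = True
            continue
        m = RULE_ALL.match(line)
        if m:
            findings.append("unrestricted:" + m.group(1))
    # Unset means sudo's default applies (5 minutes in stock sudo); any
    # non-zero value leaves a window in which no password is requested.
    if timeout is None or timeout != 0:
        findings.append("cached-credentials")
    if global_ticket:
        findings.append("global-ticket")
    return findings

if __name__ == "__main__":
    print("weak:", audit_sudoers(WEAK))
    print("hardened:", audit_sudoers(HARDENED))
```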