Questions tagged [privilege-escalation]

Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. The result is that an application with more privileges than intended by the application developer or system administrator can perform unauthorized actions.

187 questions
193 votes, 6 answers

Isn't Ubuntu's system prompt for my password spoofable?

Sometimes, Ubuntu shows the following window: This window can be caused by some background processes running, such as an automatic update, or a process which reports bugs to Canonical which manifests itself this way: Since those are background…
Arseni Mourzenko
110 votes, 11 answers

Is `sudo` almost useless?

Once an attacker has a shell as your sudoer user (or just compromised a local process enough), he/she can use one of the many privilege escalation tools to even automatically put themselves for example as apt or some other process called by root to…
Wernight
65 votes, 4 answers

Are most Linux systems that allow non-root users to execute code straightforwardly rootable?

long story short if you can execute code on a box it is usually straightforward to get root (quote source) The immediate implication of this quote (if it's accurate) is that if you're running a multi-user system and don't try your darndest to…
gaazkam
42 votes, 2 answers

Is it possible to escalate privileges and escape from a Docker container?

I'm learning a lot about docker. I'm practicing creating docker clusters using docker-swarm, registry, shipyard, etc. I saw how easy it is to get root in a docker host machine once you entered the host with a limited user which has docker…
OscarAkaElvis
37 votes, 2 answers

Why is SUID disabled for shell scripts but not for binaries?

While I understand the idea of SUID is to let an unprivileged user run a program as a privileged user, I have found that SUID usually doesn't work on a shell script without some workarounds. My question is, I don't really understand the dichotomy…
Cyker
30 votes, 1 answer

Are shatter attacks still possible in the days of User Interface Privilege Isolation?

Before Windows introduced User Interface Privilege Isolation, any application could send all kinds of window messages to any window on the same desktop (a shatter attack), allowing elevation of privilege. Now, UIPI stops low-privilege applications…
Ben N
30 votes, 4 answers

Can the root user be removed from a *nix system to prevent privilege-escalation?

Once a *nix system is properly configured and hardened, is it a conceivable strategy to remove all super user/root users? Are there benefits to removing root from a system altogether to prevent super-user privilege escalation exploits…
Whome
28 votes, 2 answers

Methods root can use to elevate itself to kernel mode

When most Linux users hear "root", they think of the maximum possible privilege on a computer. Some even think that root runs in ring 0. But in reality, root is just a regular user running in ring 3, albeit one which the kernel trusts (many…
forest
25 votes, 3 answers

Bank complains about rooted Android. Is it really any worse than a Windows desktop?

When I use my bank's Android application, the app notices that my phone is rooted and puts up a message with a big red "danger" symbol and a message saying "vulnerable device." I totally understand that they do this, because financial institutions…
Fiksdal
19 votes, 1 answer

Keyboard firmware hack - Linux vulnerable?

I see that Apple patched OS X to mitigate against K. Chen's famous Apple keyboard firmware hack. However: Apple keyboards can be used with computers running other operating systems; and in any case, other manufacturers' keyboards may be similarly…
sampablokuper
17 votes, 1 answer

How to do a privilege escalation with ping?

I am trying to achieve a privilege escalation. I have a virtual machine on Linux and I escaped from an rbash terminal. I have now a "normal" user terminal. My user is not in the sudoers file. Is it possible to perform a privilege escalation using…
mb3354
15 votes, 4 answers

Server for School Coding Assignments

An introductory C++ course is offered every year in our university. In order for students to code in C++ and submit their assignments, we give them shell access to a Linux server. They use ssh to log in to the server with their accounts, do the…
Soban
15 votes, 2 answers

Is it secure to mount Veracrypt without sudo password in this way?

Does this way have any security issues other than what's mentioned in that post? For reference: Create a new group called say veracryptusers and give it the necessary permissions to use VeraCrypt without root password. Any user that belongs to that…
Guesting
13 votes, 4 answers

Does the bash shell function import feature inevitably give rise to a privilege escalation problem?

Even without the immediate code-execution problem of Shellshock trailing commands, to what extent does the feature of bash importing functions from the environment give rise to a comprehensive privilege escalation vulnerability? To be clear, there…
Ben
12 votes, 5 answers

How can one tell if a binary is safe to give sudo permissions for to an untrusted user?

sudo is sometimes used to give untrusted or "semi-trusted" users the ability to perform certain tasks as root, while not giving them unlimited root access. This is usually done via an entry into /etc/sudoers, specifying which programs can be…
user163495