Linux security: The dangers of executing malignant code as a standard user

3

Slipping some (non-root) user a piece of malignant code that he or she executes might be considered one of the highest security breaches possible. (The only higher one I can see is actually accessing the root user.)

What can an attacker effectively do when he/she gets a standard user (let's say a normal Ubuntu user) to execute code? Where would an attacker go from there? What would that piece of code do?

Let's say that the user is not stupid enough to be lured into entering the root/sudo password into a form/program she doesn't know. Only software from trusted sources is installed.

The way I see it there is not really much one could do, is there?

Addition: I partially ask this because I am thinking of granting some people shell (non-root) access to my server. They should be able to have normal access to programs. I want them to be able to compile programs with gcc. So there will definitely be arbitrary code run in user-space...

AndreasT

Posted 2011-01-28T14:29:38.933

Reputation: 669

Are you asking "What's the worst that could possibly happen?" – FrustratedWithFormsDesigner – 2011-01-28T14:43:43.687

This question should belong to community wiki. – ulidtko – 2011-01-28T22:09:11.823

Yes, I am asking what's the worst that could happen. – AndreasT – 2011-02-01T09:00:01.203

Answers

3

There's a couple of potential issues with an attacker having local shell access to your system.

The first is that, if you're not fully up to date with security patches, then it may be possible for the attacker to carry out a privilege escalation attack on binaries on the system. From a Linux perspective the main risk would be a vulnerability in a process running as a privileged user. There have been a number of these in the past (for example).

Other ways that an attacker with local privileges can look to escalate would be looking round the file system for credentials or other information which may help them to escalate their privileges, or trying to get a privileged user to execute code that they create which has a malicious purpose.

Rory McCune

Posted 2011-01-28T14:29:38.933

Reputation: 571

2

For any normal user it may be possible to perform denial-of-service by resource exhaustion. E.g. a user may do cat /dev/zero > /tmp/overflow to use up all available disk space, or intentionally launch a fork bomb to exhaust CPU and RAM, or flood your primary network interface with rubbish traffic.

You will need to carefully set up all kinds of per-user quotas to prevent this kind of attack.

ulidtko

Posted 2011-01-28T14:29:38.933

Reputation: 2 356

Thanks for this idea, but in my case that would be rather stupid (not your answer, just the DoS attack), since it is easy to know who did it. – AndreasT – 2011-02-01T09:03:57.033
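
The per-user limits that ulidtko's answer calls for are enforced by the kernel as resource limits. As an added example (not part of the original thread), this Python code replays the cat /dev/zero command from that answer under an RLIMIT_FSIZE cap and reports where the kernel stopped it. The helper names, the 1 MiB cap and the temporary path are assumptions; RLIMIT_FSIZE caps each file, so total disk usage still needs filesystem quotas.

```python
import os
import resource
import subprocess
import tempfile


def _lower(res, value):
    """Set soft and hard limit to value, never above the current hard limit."""
    _, hard = resource.getrlimit(res)
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(res, (value, value))


def run_with_limits(argv, out_path, fsize_bytes, cpu_seconds=5):
    """Run argv with stdout redirected to out_path under hard rlimits.

    Returns (returncode, bytes_written). A negative returncode is the
    signal that killed the child (SIGXFSZ when the file cap is hit).
    """
    def apply_limits():
        # Runs in the child between fork() and exec(). The limits are
        # inherited by everything the child starts, and an unprivileged
        # process cannot raise a hard limit again.
        _lower(resource.RLIMIT_FSIZE, fsize_bytes)  # max size of any one file
        _lower(resource.RLIMIT_CPU, cpu_seconds)    # max CPU seconds
        _lower(resource.RLIMIT_CORE, 0)             # no core dumps on disk

    with open(out_path, "wb") as out:
        proc = subprocess.run(argv, stdout=out, stderr=subprocess.DEVNULL,
                              preexec_fn=apply_limits)
    return proc.returncode, os.path.getsize(out_path)


def demo(cap=1024 * 1024):
    """Replay the disk-filling command from the answer against a 1 MiB cap."""
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, "overflow")  # stand-in for /tmp/overflow
        return run_with_limits(["cat", "/dev/zero"], target, cap)


if __name__ == "__main__":
    code, size = demo()
    print(f"exit status {code}, file stopped at {size} bytes")
```

For login sessions the same limits (fsize, cpu, and nproc against fork bombs) are set persistently per user or group in /etc/security/limits.conf, which pam_limits applies at login.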