Fred Stluka on 9 Dec 2018 17:34:10 -0800
Re: [PLUG] Yet another fresh linux exploit
Charlie,

On 12/6/18 7:49 PM, Charlie Li wrote:
> You may end up "needing" to run a daemon that solves a problem or does something you need. Many times daemons run as their own UID and GID; sometimes they're even codified. Unbeknownst to you, there's some runtime checking that specifically checks for a specific UID or GID. If that program asks for a UID or GID greater than 32 bits, and you had no idea about this kind of underlying system flaw, well?

Yeah, but wouldn't the bad actor program that requests a specific UID have to be running with privileges anyhow, in order to be able to create a user at all?

So, why bother to use this exploit to gain root access? It already has it! Just do the damage immediately, inserting a keylogger, recruiting the server into a botnet, using it as a spam engine, or whatever. Why bother creating a new user that I might notice?

I'm far less concerned about exploits that you already have to be root to take advantage of.

Or am I missing something?

--Fred
------------------------------------------------------------------------
Fred Stluka -- Bristle Software, Inc. -- http://bristle.com
#DontBeATrump -- Make America Honorable Again!
------------------------------------------------------------------------
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug