PaulNM via plug on 24 Mar 2021 20:35:41 -0700



Re: [PLUG] kernel bug - gain root priv


On 3/24/21 4:08 PM, Fred Stluka via plug wrote:
> Jeff,
> 
> Thanks for the tip!  I especially appreciate your summary of the
> problem.  Saying "could allow local attackers" is VERY useful to
> me.  For servers where I'm the only local user, I don't have to
> worry about this one.
> 

Be careful about that kind of thinking. Anything that runs on your
server does so as a local user. A vulnerability in one of those could
allow an attacker to do something locally. For example, a vulnerability
in a webserver allows an attacker to run code on the server as the
www-data user (or whatever user the service is running as).

If you read up on pretty much any major breach you'll find they tend to
be like that, a multi-step process that gives them more and more control.

The only thing "local attack" effectively means is that an attacker will
have to take an extra step or two to gain control. That's MUCH better
than a remote vulnerability, but still a problem that needs to be addressed.

- PaulNM
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
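
An added example, not part of the original message or thread: a small audit that groups running processes by effective uid from `/proc/<pid>/status`, showing which accounts besides the administrator's are executing code on a "single-user" server. The `SAMPLE_STATUS` entries are constructed, and the default `admin_uids` of 0 and 1000 (root plus one admin login) is an assumption to adjust per host.

```python
"""List which local accounts are executing code on a Linux host (added example)."""
import glob
from collections import defaultdict

# Constructed sample of /proc/<pid>/status excerpts, not taken from a real host.
SAMPLE_STATUS = [
    "Name:\tsshd\nUid:\t0\t0\t0\t0\n",
    "Name:\tnginx\nUid:\t33\t33\t33\t33\n",
    "Name:\tnginx\nUid:\t33\t33\t33\t33\n",
    "Name:\tpostgres\nUid:\t114\t114\t114\t114\n",
    "Name:\tbash\nUid:\t1000\t1000\t1000\t1000\n",
]

def parse_status(text):
    """Return (process name, effective uid) from one /proc/<pid>/status body."""
    fields = dict(line.split(":\t", 1) for line in text.splitlines() if ":\t" in line)
    # The Uid line holds real, effective, saved and filesystem uids; index 1 is effective.
    return fields["Name"].strip(), int(fields["Uid"].split()[1])

def accounts_running_code(status_texts, admin_uids=(0, 1000)):
    """Map each effective uid outside admin_uids (assumed default) to its process names."""
    by_uid = defaultdict(set)
    for text in status_texts:
        try:
            name, euid = parse_status(text)
        except (KeyError, IndexError, ValueError):
            continue  # process exited mid-read or the format was unexpected
        if euid not in admin_uids:
            by_uid[euid].add(name)
    return dict(by_uid)

def read_live_status():
    """Yield status bodies for processes on this host, skipping ones that vanish."""
    for path in glob.glob("/proc/[0-9]*/status"):
        try:
            with open(path) as fh:
                yield fh.read()
        except OSError:
            continue

if __name__ == "__main__":
    import pwd
    for uid, names in sorted(accounts_running_code(read_live_status()).items()):
        try:
            user = pwd.getpwuid(uid).pw_name
        except KeyError:
            user = "?"  # uid has no passwd entry
        print(f"{user} (uid {uid}): {', '.join(sorted(names))}")
```

Every account it prints is a local user in the sense the advisory means, so a flaw in any of those services puts a local privilege-escalation bug within reach.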