Rich Freeman via plug on 29 Mar 2021 06:30:01 -0700
Re: [PLUG] kernel bug - gain root priv
On Mon, Mar 29, 2021 at 8:51 AM Fred Stluka via plug <plug@lists.phillylinux.org> wrote:
>
> Good point! Any exploit that allows a local user to gain root
> access is a problem. I like to think I've kept external folks out,
> but if I'm not, this makes me much more vulnerable.

This is a bit tangential, but root escalations aren't the only issue. A non-root user can do stuff like:

* Access all the data the service normally is able to access, bypassing any business logic in the service.
* If it is a human-user account then access all that user's personal info, and peek into the memory space of user processes.
* Send data out over the network with only a few constraints.
* Install rootkit-like tools that are visible to root, but still can be hard to find.

My point is that while it is certainly a best practice to use sudo and so on and not run stuff as root, for something like an end-user desktop gaining access to the sole user's data is basically just as bad as gaining access to root. Cleaning up the mess is a little easier if they weren't root, but if you have a compromised PC chances are you're just going to wipe the whole thing anyway.

Maybe the biggest advantage of keeping an intruder out of root is that their "rootkits" are much easier to detect that way.

--
Rich
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug