Rich Freeman via plug on 29 Mar 2021 06:30:01 -0700



Re: [PLUG] kernel bug - gain root priv


On Mon, Mar 29, 2021 at 8:51 AM Fred Stluka via plug
<plug@lists.phillylinux.org> wrote:
>
> Good point!  Any exploit that allows a local user to gain root
> access is a problem.  I like to think I've kept external folks out,
> but if I'm not, this makes me much more vulnerable.

This is a bit tangential, but root escalations aren't the only issue.
A non-root user can do stuff like:

* Access all the data the service normally is able to access,
bypassing any business logic in the service.
* If it is a human-user account then access all that user's personal
info, and peek into the memory space of user processes.
* Send data out over the network with only a few constraints.
* Install rootkit-like tools that are visible to root, but still can
be hard to find.

My point is that while it is certainly a best practice to use sudo and
so on and not run stuff as root, for something like an end-user
desktop, gaining access to the sole user's data is basically just as
bad as gaining access to root.  Cleaning up the mess is a little
easier if they weren't root, but if you have a compromised PC chances
are you're just going to wipe the whole thing anyway.  Maybe the
biggest advantage of keeping an intruder out of root is that their
"rootkits" are much easier to detect that way.

-- 
Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug