Security threat?

Heh... I'd love to see someone even TRY to exploit this.

Pretty soon they're going to tell us that having a user account on the machine is a security threat.
 
Yes, since the exploit actually requires the system to somehow create a symbolic link on the file system, it would be near impossible to actually use this exploit to hack or damage a system.
The fix provided should easily patch the problem in the meantime.
 
The risk is a very real privilege escalation attack. Yes, you need shell or console access to the machine, but that's common to most installations. In a situation where many people have a legitimate account (like, a school computer lab, or a company network), you can't have people just arbitrarily making themselves root.

This lets you turn non-root access into root access. Did you read the full article? The guy turned /bin/sh into an suid-root executable - as a regular user, he made himself a shell that always runs as root. That's a big problem.

Pretty much any major remote hack consists of two major parts - getting access, and elevating the privileges of that access. This is the second part. If your users already have accounts, there is no need for the first part.
 
You must log in or register to reply here.
Back
Top