[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Linux Local Privilege Escalation
From: |
Eli Schwartz |
Subject: |
Re: Linux Local Privilege Escalation |
Date: |
Fri, 12 Apr 2019 18:00:03 -0400 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1 |
On 4/12/19 5:56 PM, Vladimir Marek wrote:
> It escapes me how changing your own $PATH makes another user execute
> files in /tmp. And if someone has /tmp in $PATH moreover before anything
> else (or . for that matter) he deserves it. Right?
I assume the idea is to escalate write access to another user's account,
to password-guarded sudo access. And yes, that too means you're already
screwed in many, many ways. There are far too many ways to trick a user
into entering their login password in order to grab sudo credentials.
--
Eli Schwartz
Arch Linux Bug Wrangler and Trusted User
signature.asc
Description: OpenPGP digital signature