bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Linux Local Privilege Escalation


From: Eli Schwartz
Subject: Re: Linux Local Privilege Escalation
Date: Fri, 12 Apr 2019 18:00:03 -0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1

On 4/12/19 5:56 PM, Vladimir Marek wrote:
> It escapes me how changing your own $PATH makes another user execute
> files in /tmp. And if someone has /tmp in $PATH moreover before anything
> else (or . for that matter) he deserves it. Right?

I assume the idea is to escalate write access to another user's account,
to password-guarded sudo access. And yes, that too means you're already
screwed in many, many ways. There are far too many ways to trick a user
into entering their login password in order to grab sudo credentials.

-- 
Eli Schwartz
Arch Linux Bug Wrangler and Trusted User

Attachment: signature.asc
Description: OpenPGP digital signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]