Let's say I let my friend "Stuart" have an account on my VPS with very limited privileges because he asked very nicely. Since Stuart isn't so bright, he accidentally posts his password in an IRC chatroom, and now everyone and his/her grandma can ssh into his account. My question is, in the hands of an experienced hacker, what kind of damage can be done to the system?
Could someone just write a simple C program to intentionally manipulate a buffer overflow in strcpy and serve up a root shell for full control of the system, or are there built-in protections against that in the OS?
There are any number of attacks an attacker with local privileges could perform, including but not limited to:
The attack you describe, however, is not possible, as the file would have to be owned by root and have the setuid or setgid bits set.
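The ownership and setuid/setgid condition in the answer above can be checked per file; the following is an added example, not part of the original answer, and `exec_ids_for` and `struct exec_ids` are hypothetical names. It reports which effective IDs a process would get from executing a file, which shows why a program compiled and owned by an unprivileged account never yields more than that account's own IDs.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Effective IDs a process would have after exec'ing a file
 * (hypothetical helper type for this example). */
struct exec_ids {
    uid_t euid;
    gid_t egid;
    int   gains_root;  /* 1 only if a non-root caller would end up with euid 0 */
};

/* Models the exec rule the answer relies on: the effective uid changes only
 * when the setuid bit is set, and then it becomes the file's OWNER, not root
 * by default. Returns 0 on success, -1 if the file cannot be stat'ed.
 * Not modelled: nosuid mounts, file capabilities, interpreted scripts. */
int exec_ids_for(const char *path, uid_t caller_uid, gid_t caller_gid,
                 struct exec_ids *out)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    out->euid = caller_uid;
    out->egid = caller_gid;
    if (S_ISREG(st.st_mode)) {
        if (st.st_mode & S_ISUID)
            out->euid = st.st_uid;
        /* Linux ignores setgid when the group-execute bit is missing. */
        if ((st.st_mode & S_ISGID) && (st.st_mode & S_IXGRP))
            out->egid = st.st_gid;
    }
    out->gains_root = (caller_uid != 0 && out->euid == 0);
    return 0;
}

int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++) {
        struct exec_ids r;
        if (exec_ids_for(argv[i], getuid(), getgid(), &r) != 0) {
            perror(argv[i]);
            continue;
        }
        printf("%s: euid=%ld egid=%ld%s\n", argv[i], (long)r.euid, (long)r.egid,
               r.gains_root ? "  <-- runs as root for this caller, audit it" : "");
    }
    return 0;
}
```

Pass it the paths of the binaries on the system to see which ones actually run as root for a limited account; those are the files whose memory-safety bugs matter for the scenario in the question.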