Are most Linux systems that allow non-root users to execute code straightforwardly rootable?

Clash Royale CLAN TAG#URR8PPP

up vote
2
down vote

favorite

1

long story short if you can execute code on a box it is usually straightforward to get root

(quote source)

The immediate implication of this quote (if it's accurate) is that if you're running a multi-user system and don't try your darndest to prevent all users from creating files with x permission set the system is as good as compromised. The corollary is that operating a multi-user system, such as ones typically found in universities, that by design allow all students to do exercises in C, C++, assembly etc, is pointless, since any student can straightforwardly root this system.

Since running computer systems intended to be used by more people than their owners is not considered pointless and privilege limiting facilities (users' rights management, sandboxing, etc etc) are not considered useless, I somehow doubt this kinds of comments. But what can I know?

Is it true that most Linux systems are straightforwardly rootable by anyone who can execute code on them?

linux root

share|improve this question

asked 1 hour ago

gaazkam

8781612

add a comment | 

up vote
2
down vote

favorite

1

long story short if you can execute code on a box it is usually straightforward to get root

(quote source)

The immediate implication of this quote (if it's accurate) is that if you're running a multi-user system and don't try your darndest to prevent all users from creating files with x permission set the system is as good as compromised. The corollary is that operating a multi-user system, such as ones typically found in universities, that by design allow all students to do exercises in C, C++, assembly etc, is pointless, since any student can straightforwardly root this system.

Since running computer systems intended to be used by more people than their owners is not considered pointless and privilege limiting facilities (users' rights management, sandboxing, etc etc) are not considered useless, I somehow doubt this kinds of comments. But what can I know?

Is it true that most Linux systems are straightforwardly rootable by anyone who can execute code on them?

linux root

share|improve this question

asked 1 hour ago

gaazkam

8781612

add a comment | 

up vote
2
down vote

favorite

1

up vote
2
down vote

favorite

1

1

long story short if you can execute code on a box it is usually straightforward to get root

(quote source)

The immediate implication of this quote (if it's accurate) is that if you're running a multi-user system and don't try your darndest to prevent all users from creating files with x permission set the system is as good as compromised. The corollary is that operating a multi-user system, such as ones typically found in universities, that by design allow all students to do exercises in C, C++, assembly etc, is pointless, since any student can straightforwardly root this system.

Since running computer systems intended to be used by more people than their owners is not considered pointless and privilege limiting facilities (users' rights management, sandboxing, etc etc) are not considered useless, I somehow doubt this kinds of comments. But what can I know?

Is it true that most Linux systems are straightforwardly rootable by anyone who can execute code on them?

linux root

share|improve this question

asked 1 hour ago

gaazkam

8781612

long story short if you can execute code on a box it is usually straightforward to get root

(quote source)

The immediate implication of this quote (if it's accurate) is that if you're running a multi-user system and don't try your darndest to prevent all users from creating files with x permission set the system is as good as compromised. The corollary is that operating a multi-user system, such as ones typically found in universities, that by design allow all students to do exercises in C, C++, assembly etc, is pointless, since any student can straightforwardly root this system.

Since running computer systems intended to be used by more people than their owners is not considered pointless and privilege limiting facilities (users' rights management, sandboxing, etc etc) are not considered useless, I somehow doubt this kinds of comments. But what can I know?

Is it true that most Linux systems are straightforwardly rootable by anyone who can execute code on them?

linux root

linux root

share|improve this question

asked 1 hour ago

gaazkam

8781612

share|improve this question

asked 1 hour ago

gaazkam

8781612

share|improve this question

share|improve this question

asked 1 hour ago

gaazkam

8781612

asked 1 hour ago

gaazkam

8781612

asked 1 hour ago

gaazkam

8781612

8781612

add a comment | 

add a comment | 

1 Answer
1

active

oldest

votes

up vote
5
down vote

No, this is not correct. While one may argue about the relative difficulty of finding and exploiting 0day vulnerabilities on Linux when you have local access, the security architecture itself of a modern Linux system (with an MMU) is designed to isolate different users and prevent privilege escalation. A non-root user cannot gain root without proper authorization without exploiting an extant vulnerability, and such privilege escalation vulnerabilities are very quickly patched as soon as they are discovered.

It is possible, however, to abuse the human factor and gain root by exploiting common misconceptions ubiquitous to the sysadmin profession. For example, if you use sudo to elevate privileges to root from an untrusted user, then that untrusted user can log keystrokes made and obtain the root password. Since many sysadmins routinely abuse sudo in this way, you could say that it is straightforward to root a Linux box once you have unprivileged local code execution. This is, however, dependent on the sysadmin not understanding the security architecture of their system. A few other examples:

• Tricking a sysadmin into running ldd on a malicious static executable as root.




• Dropping down to a lesser user from root, allowing a TTY pushback attack.

share|improve this answer

edited 1 hour ago

answered 1 hour ago

forest

24.1k127491

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "162"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

 

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f196664%2fare-most-linux-systems-that-allow-non-root-users-to-execute-code-straightforward%23new-answer', 'question_page');

);

Post as a guest

Name Email

1 Answer
1

active

oldest

votes

1 Answer
1

active

oldest

votes

active

oldest

votes

active

oldest

votes

up vote
5
down vote

No, this is not correct. While one may argue about the relative difficulty of finding and exploiting 0day vulnerabilities on Linux when you have local access, the security architecture itself of a modern Linux system (with an MMU) is designed to isolate different users and prevent privilege escalation. A non-root user cannot gain root without proper authorization without exploiting an extant vulnerability, and such privilege escalation vulnerabilities are very quickly patched as soon as they are discovered.

It is possible, however, to abuse the human factor and gain root by exploiting common misconceptions ubiquitous to the sysadmin profession. For example, if you use sudo to elevate privileges to root from an untrusted user, then that untrusted user can log keystrokes made and obtain the root password. Since many sysadmins routinely abuse sudo in this way, you could say that it is straightforward to root a Linux box once you have unprivileged local code execution. This is, however, dependent on the sysadmin not understanding the security architecture of their system. A few other examples:

• Tricking a sysadmin into running ldd on a malicious static executable as root.




• Dropping down to a lesser user from root, allowing a TTY pushback attack.

share|improve this answer

edited 1 hour ago

answered 1 hour ago

forest

24.1k127491

add a comment | 

up vote
5
down vote

No, this is not correct. While one may argue about the relative difficulty of finding and exploiting 0day vulnerabilities on Linux when you have local access, the security architecture itself of a modern Linux system (with an MMU) is designed to isolate different users and prevent privilege escalation. A non-root user cannot gain root without proper authorization without exploiting an extant vulnerability, and such privilege escalation vulnerabilities are very quickly patched as soon as they are discovered.

It is possible, however, to abuse the human factor and gain root by exploiting common misconceptions ubiquitous to the sysadmin profession. For example, if you use sudo to elevate privileges to root from an untrusted user, then that untrusted user can log keystrokes made and obtain the root password. Since many sysadmins routinely abuse sudo in this way, you could say that it is straightforward to root a Linux box once you have unprivileged local code execution. This is, however, dependent on the sysadmin not understanding the security architecture of their system. A few other examples:

• Tricking a sysadmin into running ldd on a malicious static executable as root.




• Dropping down to a lesser user from root, allowing a TTY pushback attack.

share|improve this answer

edited 1 hour ago

answered 1 hour ago

forest

24.1k127491

add a comment | 

up vote
5
down vote

up vote
5
down vote

No, this is not correct. While one may argue about the relative difficulty of finding and exploiting 0day vulnerabilities on Linux when you have local access, the security architecture itself of a modern Linux system (with an MMU) is designed to isolate different users and prevent privilege escalation. A non-root user cannot gain root without proper authorization without exploiting an extant vulnerability, and such privilege escalation vulnerabilities are very quickly patched as soon as they are discovered.

It is possible, however, to abuse the human factor and gain root by exploiting common misconceptions ubiquitous to the sysadmin profession. For example, if you use sudo to elevate privileges to root from an untrusted user, then that untrusted user can log keystrokes made and obtain the root password. Since many sysadmins routinely abuse sudo in this way, you could say that it is straightforward to root a Linux box once you have unprivileged local code execution. This is, however, dependent on the sysadmin not understanding the security architecture of their system. A few other examples:

• Tricking a sysadmin into running ldd on a malicious static executable as root.




• Dropping down to a lesser user from root, allowing a TTY pushback attack.

share|improve this answer

edited 1 hour ago

answered 1 hour ago

forest

24.1k127491

No, this is not correct. While one may argue about the relative difficulty of finding and exploiting 0day vulnerabilities on Linux when you have local access, the security architecture itself of a modern Linux system (with an MMU) is designed to isolate different users and prevent privilege escalation. A non-root user cannot gain root without proper authorization without exploiting an extant vulnerability, and such privilege escalation vulnerabilities are very quickly patched as soon as they are discovered.

It is possible, however, to abuse the human factor and gain root by exploiting common misconceptions ubiquitous to the sysadmin profession. For example, if you use sudo to elevate privileges to root from an untrusted user, then that untrusted user can log keystrokes made and obtain the root password. Since many sysadmins routinely abuse sudo in this way, you could say that it is straightforward to root a Linux box once you have unprivileged local code execution. This is, however, dependent on the sysadmin not understanding the security architecture of their system. A few other examples:

• Tricking a sysadmin into running ldd on a malicious static executable as root.




• Dropping down to a lesser user from root, allowing a TTY pushback attack.

share|improve this answer

edited 1 hour ago

answered 1 hour ago

forest

24.1k127491

share|improve this answer

share|improve this answer

edited 1 hour ago

edited 1 hour ago

edited 1 hour ago

answered 1 hour ago

forest

24.1k127491

answered 1 hour ago

forest

24.1k127491

answered 1 hour ago

forest

24.1k127491

24.1k127491

add a comment | 

add a comment | 

 

draft saved

draft discarded

 

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f196664%2fare-most-linux-systems-that-allow-non-root-users-to-execute-code-straightforward%23new-answer', 'question_page');

);

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Name Email

Name

Email

Name Email

Name

Email