Linux Privilege Escalation in Four Ways
How overprivileged processes compromise your system
The “Principle of Least Privilege” means that applications and processes should only be granted the privileges that they require to complete their tasks. It is a best practice that lowers the risk of system compromise during an attack.
For example, when an application requires only read access to a file, it should not be granted any write or execute permissions. Because if an attacker hijacks an application that runs with high privilege, the attacker can gain its permissions.
In reality, many applications and services run using high or even root privileges. This is because some systems lack the granular permissions control needed to apply the principle of least privilege. Sometimes, developers and admins forget to apply the best practice. Still, sometimes, developers and admins take a shortcut to avoid dealing with detailed permission control.
Additionally, some applications that are not meant to be run using high privileges do not implement the appropriate safety precautions against attackers. Overprivileged processes thus create a dangerous security weakness that could compromise the entire system.
Today, let’s look at three things that attackers can do when they encounter an…
