Auteur: Simon Hobson Datum: Aan: dng@lists.dyne.org Onderwerp: Re: [DNG] Beware
Arnt Gulbrandsen <arnt@???> wrote:
> By now, the concept of unprivileged local users is a little obsolete anyway.
>
> Today, hosts generally serve only one unix user, there generally is only one local user of one host, and that local user is the user that owns everything valuable. So is the a real point to local-user-to-root exploits? I suppose there is, but it is much smaller than it was ten or twenty years ago.
It depends on what you are doing.
It's a fairly quick and easy way to separate users on (eg) web hosting - by having Apache execute each site as a specific user. Yes I'm sure there are better and more secure ways of doing it, but when you inherit a setup where you have to trust each customer not to take a peek around other customer's sites (and grab their DB access credentials from the Wordpress config file) then it's a big step forwards !
And regardless of how you separate users, having an exploitable privilege escalation flaw means that someone compromising one of your customer's sites is then able to escalate their privileges to do more damage than they could from an unprivileged account.