Is Sudo Almost Useless?

栏目: IT技术 · 发布时间: 4年前

Once an attacker has a shell as your sudoer user (or just compromised a local process enough), he/she can use one of the many privilege escalation tool to even automatically put themselves for example as apt or some other processed called by root to gain root access (see also What can an attacker do in this scenario? (unwritable bashrc, profile, etc.) ).

What's the point of sudo then outside of blocking smaller payloads or making it a bit harder? It seems that the focus should be on SELinux and such.

Edit: There are 2 side of this question (I should have been more specific). First, what I initially meant, for a standard Linux desktop user. A pretty different answer could be given for a machine administered by someone else.


以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持 码农网

查看所有标签

猜你喜欢:

本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们

数论概论

数论概论

希尔弗曼 / 孙智伟 / 机械工业出版社 / 2008-5 / 42.00元

《数论概论(原书第3版)》讲述了有关数论大量有趣的知识,以及数论的一般方法和应用,循序渐进地启发读者用数学方法思考问题,此外还介绍了目前数论研究的某些前沿课题。《数论概论(原书第3版)》采用轻松的写作风格,引领读者进入美妙的数论世界,不断激发读者的好奇心,并通过一些精心设计的练习来培养读者的探索精神与创新能力。一起来看看 《数论概论》 这本书的介绍吧!

图片转BASE64编码
图片转BASE64编码

在线图片转Base64编码工具

XML、JSON 在线转换
XML、JSON 在线转换

在线XML、JSON转换工具

UNIX 时间戳转换
UNIX 时间戳转换

UNIX 时间戳转换