Linux security: The dangers of executing malignant code as a standard user

Posted by AndreasT on Super User See other posts from Super User or by AndreasT
Published on 2011-01-28T14:29:38Z Indexed on 2011/01/28 23:29 UTC
Read the original article Hit count: 254

Filed under:
|

Slipping some (non-root) user a piece of malignant code that he or she executes might be considered as one of the highest security breaches possible. (The only higher I can see is actually accessing the root user)

What can an attacker effectively do when he/she gets a standard, (let's say a normal Ubuntu user) to execute code? Where would an attacker go from there? What would that piece of code do?

Let's say that the user is not stupid enough to be lured into entering the root/sudo password into a form/program she doesn't know. Only software from trusted sources is installed.

The way I see it there is not really much one could do, is there?

Addition: I partially ask this because I am thinking of granting some people shell (non-root) access to my server. They should be able to have normal access to programs. I want them to be able to compile programs with gcc. So there will definitely be arbitrary code run in user-space...

© Super User or respective owner

Related posts about linux

Related posts about security