30th June 2011
rocket357
Real Name: Jonathon
Wannabe OpenBSD porter
 
Join Date: Jun 2010
Location: 127.0.0.1
Posts: 429

Imagine you have a small server application running. You can run it as root, as some user with a login shell, or as some user without a login shell.

Your server application gets hit with a buffer overflow attack (for example, it could get hit with any range of other attacks as well). The attack's payload is set to insert an ssh key into $HOME/.ssh/authorized_keys, meaning the attacker can then ssh to the host machine without a password.

As root, the attacker just compromised the entire machine. As a normal user, the attacker can log in, then launch priv. escalation attacks to gain root. As a user w/nologin, the attacker is stuck out in the cold.

Make sense?
__________________
Linux/Network-Security Engineer by Profession. OpenBSD user by choice.

Last edited by rocket357; 30th June 2011 at 03:19 PM.
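The three cases in the post above can be checked on a host by classifying account entries. The following is an added example, not part of the original post: it parses 7-field passwd(5) lines, sorts each account into the post's root / login shell / nologin cases, and notes whether `$HOME/.ssh/authorized_keys` already exists. The shell list, the labels and the sample entries are assumptions constructed for illustration.

```python
import os

# Assumption: shells treated as "no login shell"; adjust to the host's conventions.
NON_LOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false", "/usr/bin/false"}

# Constructed sample in passwd(5) format (name:pw:uid:gid:gecos:home:shell).
SAMPLE_PASSWD = """\
root:*:0:0:Charlie &:/root:/bin/ksh
_appd:*:1001:1001:app daemon:/var/appd:/sbin/nologin
svcweb:*:1002:1002:web service:/home/svcweb:/bin/sh
# comment line
broken:line
_old:*:1003:1003:legacy daemon:/var/empty:
"""

def classify(uid, shell):
    """Map an account to one of the three cases described in the post."""
    if uid == 0:
        return "root"          # compromise of the service is compromise of the machine
    if shell in NON_LOGIN_SHELLS:
        return "nologin"       # no interactive shell for the account
    return "login-shell"       # interactive login possible; empty field means /bin/sh

def audit(passwd_text, exists=os.path.isfile):
    """Return (name, case, has_authorized_keys) for every well-formed entry."""
    findings = []
    for line in passwd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue           # skip malformed entries instead of guessing
        name, uid, home, shell = fields[0], int(fields[2]), fields[5], fields[6]
        keys = os.path.join(home, ".ssh", "authorized_keys")
        findings.append((name, classify(uid, shell), exists(keys)))
    return findings

if __name__ == "__main__":
    # To audit a real host, pass the contents of /etc/passwd instead of the sample.
    for name, case, has_keys in audit(SAMPLE_PASSWD):
        flag = " authorized_keys present" if has_keys else ""
        print(f"{name:10} {case:12}{flag}")
```
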