Asking nicely for root command execution (and getting it)

This is an eye-opening little story of some software folks who stumbled upon a gaping hole in their system and what that means for the rest of us:

Suffice it to say, if you work someplace with enough machines, there’s probably some way for you to get root on all of them if you can hit them with a handful of packets. I’ve seen it happen far too many times at enough companies to expect things to stay secure. I’m not talking about buffer overflows and stuff like that, although those exist too. I mean just straight up asking a service to please run a command for you (as root), and it gladly complies.
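The pattern the quoted passage describes, a network service that takes a command string and executes it as root for anyone who can reach the port, next to a hardened version of the same handler, as an added illustration that is not code from this page or from the quoted post. It assumes a hypothetical JSON-over-socket request shape (a body plus an HMAC), a constructed shared key, and a small allowlist of action names; the transport and the privilege-dropping are out of scope for the snippet.

```python
import hashlib
import hmac
import json
import shlex
import subprocess

# Constructed demo key (assumption). A real deployment would authenticate callers
# with per-host credentials (mTLS, SSH certificates, a secrets manager), never a
# constant compiled into the service.
SHARED_KEY = b"demo-shared-secret-do-not-ship"

# Fixed argv lists: the caller names an action, it never supplies a command line.
ALLOWED_ACTIONS = {
    "uptime": ["uptime"],
    "disk_usage": ["df", "-h", "/"],
}


def vulnerable_handle(request: dict) -> list:
    """The hole the quoted post describes: no authentication, and the caller's
    string becomes the argv. Whatever arrives on the socket is what the
    root-owned service will run."""
    return shlex.split(request["cmd"])


def sign(body: bytes) -> str:
    """HMAC-SHA256 over the raw request body (hypothetical request format)."""
    return hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest()


def make_request(action: str) -> dict:
    """Build a request the way a legitimate client would."""
    body = json.dumps({"action": action}).encode()
    return {"body": body, "mac": sign(body)}


def hardened_handle(request: dict) -> tuple:
    """Return ('allow', argv) or ('deny', reason).

    Authenticate first, then map an action *name* onto a fixed argv list.
    No shell, and no caller-controlled arguments reach the command."""
    body = request.get("body", b"")
    mac = request.get("mac", "")
    if not hmac.compare_digest(sign(body), mac):
        return ("deny", "bad or missing MAC")
    try:
        action = json.loads(body).get("action")
    except (ValueError, AttributeError):
        return ("deny", "malformed body")
    if action not in ALLOWED_ACTIONS:
        return ("deny", f"action not allowed: {action!r}")
    return ("allow", list(ALLOWED_ACTIONS[action]))


def run(argv: list) -> str:
    """Execute an allowed argv without a shell and return its stdout."""
    return subprocess.run(argv, capture_output=True, text=True, check=False).stdout


if __name__ == "__main__":
    # The vulnerable handler accepts any string at all.
    print(vulnerable_handle({"cmd": "cat /etc/shadow"}))
    # The hardened handler only honours named actions from authenticated callers.
    print(hardened_handle(make_request("uptime")))
    print(hardened_handle(make_request("reboot")))
    forged = make_request("uptime")
    forged["body"] = make_request("disk_usage")["body"]  # body swapped, MAC now stale
    print(hardened_handle(forged))
```

Two things the hardened version still does not fix on its own: the service is still running as root, so a bug anywhere else in it is still a root bug (run it as an unprivileged account and grant only what each action needs), and a shared key is only as secret as the least-protected host that holds it. The allowlist narrows what can be asked for; it does not change who is doing the asking.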


