>>97stop moving goalposts, anus. first you said that it can be trivially prevented, now you say that I must give you examples. this once again proves that your're are speaking out of your're are anus (recursively, because your're are an anus). but OK, I'll explain it to you:
priv-esc is not an attack method. it's a consequence of an attack: one user (normally a low-privileged one) can execute code as another (normally high-privileged). usually, it's done by exploiting a process running with desired privileges (so things like buffer overflows and injections, but also logic bugs and race conditions which cannot be trivially prevented by a type system), but it can also come from exploitation of bad OS-level configuration - e.g. parameter injection through shell expansion, world-writeable suid binaries/scripts, world-writeable (and overly powerful) configs etc.
Edited on 22/11/2018 11:26.
>>97
stop moving goalposts, anus. first you said that it can be trivially prevented, now you say that I must give you examples. this once again proves that your're are speaking out of your're are anus (recursively, because your're are an anus) who doesn't know what he's talking about. but OK, I'll explain it to you:
stop moving goalposts, anus. first you said that it can be trivially prevented, now you say that I must give you examples. this once again proves that your're are speaking out of your're are anus (recursively, because your're are an anus). but OK, I'll explain it to you:
priv-esc is not an attack method. it's a consequence of an attack: one user (normally a low-privileged one) can execute code as another (normally high-privileged). usually, it's done by exploiting a process running with desired privileges (so things like buffer overflows and injections, but also logic bugs and race conditions which cannot be trivially prevented by a type system), but it can also come from exploitation of bad OS-level configuration - e.g. parameter injection through shell expansion, world-writeable suid binaries/scripts, world-writeable (and overly powerful) configs etc.