3/8 I'm reading about an old exploit where someone used a buffer overflow
in a printer daemon to get "daemon privileges," which allowed them
to use another exploit on the mail delivery program to get root. I'm
not sure what daemon privileges are. Is there some set of privileges
that most daemons run on that is higher than user but lower than root?
What are they? I've never heard this before.
\_ It used to be common to run daemons as a user named "daemon". The
daemon account doesn't have any special privileges, but if all your
daemons are running in a single account, anyone who breaks into the
account gets access to all of them. Modern systems run each daemon
as a separate user, so if you break into apache you only get access
to the "www" account or whatever.
\_ And to expound, usually these users like 'daemon' and 'apache'
are given *less privilege* than a normal user - at least to the
extent that is possible with UNIX permissions. For instance,
they have no login shell.
\_ Ok, thanks. So, I guess the idea here is that the mail delivery
program was running as daemon, but hadn't dropped root
permanently?
\_ Probably the deal was that the mail daemon had a function
which runs as root, but only allows programs running as
daemon to access it. So once you can run arbitrary code
as daemon, you can run the mail function as root. -tom
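
Added example (not part of the original thread): a small audit that flags the two conditions discussed above, several different daemons sharing one non-root account and service accounts that still have a login shell. The passwd lines, the process listing, the daemon names and the UID cutoff are all constructed assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample data (not from the original thread).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
www:x:33:33:web server:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""
# Constructed text in the shape of `ps -eo user,comm` with the header removed.
PS = """\
root sshd
daemon lpd
daemon maild
daemon atd
www httpd
www httpd
alice bash
"""
NOLOGIN = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}
MAX_SYSTEM_UID = 999  # assumption: UIDs 1..999 are service accounts


def parse_passwd(text):
    """Map account name -> (uid, shell) from passwd-format lines."""
    accounts = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 7:
            accounts[fields[0]] = (int(fields[2]), fields[6])
    return accounts


def audit(passwd_text, ps_text):
    """Return (shared, with_shell) findings for non-root service accounts."""
    accounts = parse_passwd(passwd_text)
    daemons = defaultdict(set)
    for line in ps_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        user, comm = parts
        uid, _shell = accounts.get(user, (None, None))
        if uid is not None and 0 < uid <= MAX_SYSTEM_UID:
            daemons[user].add(comm.strip())
    # One account running several distinct daemons: compromising any one
    # of them exposes everything else that runs under the same account.
    shared = {u: sorted(c) for u, c in daemons.items() if len(c) > 1}
    # Service accounts that can still be logged into.
    with_shell = sorted(u for u in daemons if accounts[u][1] not in NOLOGIN)
    return shared, with_shell


if __name__ == "__main__":
    print(audit(PASSWD, PS))
```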