Are there any real life scenarios where an untrusted user is allowed access to a machine with an unprivileged account? I know there are (or were?) some public shared machines where you can ssh in for fun, but those aren’t serious.
I’m thinking maybe a POS system or kiosk running Linux, and there’s shell access? This could possibly also be useful for jailbreaking devices that ship with Linux, but are locked down… Maybe like a car infotainment system?
Every university with an HPC (https://en.wikipedia.org/wiki/High-performance_computing) system or a lab with Linux workstations gives shell access to what amount to untrusted users. If antivirus or similar software on the system doesn’t proactively catch the exploit, it’s a bad day.
Pretty much all those examples, but the real danger is chaining this exploit with others.
Perhaps someone is sitting on a couple exploits to get them into a system, but only to an unprivileged user; this would be a great final act.
In the Node.js world adding a dependency may lead to arbitrary code being executed.
It’s bad enough on its own because a bad actor can steal SSH-keys this way, but combined with this exploit they will be able to install a rootkit and compromise your entire system.
Only every local file inclusion bug ever. Include shellcode, run as webserver privs, escalate locally.