We frequently hear about newly discovered attacks (or vulnerabilities) against various operating systems. An often important and overlooked aspect of these new attacks is the exploit vector. In general, exploit vectors are of two types: those in which the vulnerability is exploitable over a network and those in which the vulnerability is exploitable locally. Although related, local security and network security require two different approaches. In this chapter, we focus on security from a local security perspective.
Local security addresses the problem of attacks that require the attacker to be able to do something on the system itself for the purpose of gaining root access (administrative access).
For example, a whole ...