Skip to Content
Security De-Engineering
book

Security De-Engineering

by Ian Tibble
December 2011
Intermediate to advanced content levelIntermediate to advanced
332 pages
9h 15m
English
Auerbach Publications
Content preview from Security De-Engineering
80 Security De-engineering
variety of other things such as “world writable” directories, scheduled
job permissions, and password hashes from the /etc/passwd le.
“Setuid root” privileges are especially interesting for Hackers in these
local privilege escalation cases. e setuid bit for a root-owned program
gives the program root privileges when it runs, regardless of which user
executes the program. So, in brief, if an attacker can exploit vulnerabil-
ity with the setuid root program, they can gain local root privileges. Not
many IT operations sta will be aware of this local privilege escalation
vector. Some programs need setuid permissions in order to function,
whereas others do not. Earlier versions of Oracle’s database manage-
ment soft
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Advanced Persistent Threat

Advanced Persistent Threat

Eric Cole
Point & Click OpenOffice.org!

Point & Click OpenOffice.org!

Robin ‘Roblimo’ Miller

Publisher Resources

ISBN: 9781439868355