• scinde@discuss.tchncs.de
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    What do you mean get root itself with a modified su? A program that has been run as a user cannot just get root permissions, that’s called a privilege escalation attack and is a serious vulnerability in the kernel which gets fixed quickly when found.

    • Doctor xNo@r.nf
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      1 year ago

      Any attack is usually non-intended vulnarabilities. Same argument applies to any software, like nano, if it can open doors to your system.

      • scinde@discuss.tchncs.de
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Of course it applies to any software, but some programs are more vulnerable than others. For example, when you want to have cryptography in your program, you use an established library, not write the algorithms yourself, because those libraries were written with security in mind (i.e. have protections against different kinds of attacks, for example, side channel attacks, in addition to being implemented properly). The whole point is to minimize the surface of attack, so that your system is more secure. And one way of doing so is to not give root permissions to programs that don’t need it (such as text editors like nano).

        • Doctor xNo@r.nf
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Yeah, well, as you said: it’s probably fixed by now, but I used to have a universal su that would work on any armv7 linux (so basically every phone back then, but also on my armv7 little laptop I had at the time…) with which I was able to easily root any phone by putting it in /data/local and making it bootable, then using full path to move any Android root files in place (though I did also just copy that su itself to /system/bin for root on cheaper phones sometimes, which is just playing with fire as it basically makes any root action unseen and allowed. 😂). That did work for years though, but that’s probably cause Android minimizes the linux and never actually updated the kernel so much, and the laptop’s flashed OS was something altered with also very little updates. And ARM was still quite new to the public too. 🤷‍♂️

          I remember I came across it in the rooting package for my Kindle Fire and only found out it could do that by accident,… 😅 It couldn’t change user, though, it had only 1 use without parameters, which resulted as if you do a ‘sudo su’ if you remove the sudo password-requirement.

          Hence why I used the example. I wasn’t being limitative to it, though. There’s so many things that could screw you if it has a vulnerability, if it happens I very much doubt it’ll be through nano, though.