Linux is considered a fairly secure operating system because of the way it is designed. For example, you cannot just download an executable and accidentally run it: if you want to execute it, you have to explicitly set its executable bit. Similarly, if you want to tweak any system-specific parameter or configuration, you have to obtain root privileges first, and once you are done you can drop back to an unprivileged account. Security pillars like these work well to ensure that a Linux system does not get exploited easily.
Most Linux users have the perception that as long as an attacker does not obtain root privileges, there is not much damage he/she can do to a Linux system. I would say that is true, but only to a certain extent. To prove my point, in this article I will discuss 4 ways in which access to a Linux box, even with non-root privileges, can cause some serious damage.
1. A normal user can consume a large share of your system resources
Yes, if you do not administer your Linux machine carefully and properly, any normal user with non-root access rights can seriously slow down your machine by consuming more and more of its resources. For example, what if he/she launches a fork bomb on your machine? This could very well be termed a denial of service attack.
To stay on the safer side, it is always advisable to keep reading and understand your OS better. For example, to make sure that fork bombs do not cause major damage, you should know how to limit system resources, such as the number of processes a non-root user may create. Here is a good starting point related to this.
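As an added example that is not part of the original article, the following POSIX shell script checks whether a pam_limits configuration file (the format used by /etc/security/limits.conf) actually caps the number of processes a user may start, which is what blunts a fork bomb, and contrasts a weak file with a corrected one. The file path is a parameter, so the check runs against constructed sample files rather than the live system file; the user names alice and the 1000-process value are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original article. Parses limits.conf-style
# lines ("<domain> <type> <item> <value>") and reports the hard nproc cap that
# applies to a user. Such caps take effect only for sessions that pass through
# pam_limits, so this checks the configuration, not a running process.

# Print the hard nproc limit for USER in FILE. A user-specific entry overrides
# a wildcard "*" entry; "-" as the type sets both soft and hard limits.
# Prints nothing when no hard cap applies. ("@group" entries are not resolved.)
hard_nproc_limit() {
    file=$1
    user=$2
    awk -v u="$user" '
        /^[ \t]*#/ || NF < 4 { next }                          # comments, blanks
        $3 != "nproc" || ($2 != "hard" && $2 != "-") { next }  # hard caps only
        $1 == u   { user_limit = $4 }                          # user entry wins
        $1 == "*" { star_limit = $4 }
        END {
            if (user_limit != "")      print user_limit
            else if (star_limit != "") print star_limit
        }
    ' "$file"
}

# Exit 0 when USER has a numeric hard nproc cap in FILE, 1 otherwise
# ("unlimited" counts as no cap at all).
has_nproc_cap() {
    limit=$(hard_nproc_limit "$1" "$2")
    case $limit in
        ''|unlimited) return 1 ;;
        *)            return 0 ;;
    esac
}

# Constructed samples: the weak file never mentions nproc, so every user is
# unlimited; the fixed file caps ordinary users at 1000 processes but exempts root.
weak=$(mktemp)
fixed=$(mktemp)
printf '# weak: nofile is capped, nproc is not\n*  soft  nofile  4096\n' > "$weak"
printf '*     hard  nproc  1000\nroot  hard  nproc  unlimited\n' > "$fixed"

for f in "$weak" "$fixed"; do
    if has_nproc_cap "$f" alice; then
        echo "$f: alice is capped at $(hard_nproc_limit "$f" alice) processes"
    else
        echo "$f: alice has no hard nproc cap, a fork bomb can exhaust the box"
    fi
done
rm -f "$weak" "$fixed"
```

Run it against a copy of your real limits.conf and the user names of the accounts you hand out to see which of them are still uncapped.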
2. A normal user can read sensitive information from files that are readable by everyone
Yes, it may very well happen. There can be files (for example, database-related files) that store sensitive information such as database connection passwords and are readable by all users. Another example is reading SSH keys stored in badly configured files and using them to gain access to other systems. You, as the administrator, need to make sure that none of your sensitive material is available to a normal user, even in read-only mode.
3. Through the internet: accessing illegal websites, sending spam e-mails, etc.
If someone is hell-bent on taking revenge, he/she can do a simple wget and pull off the simple trick of accessing illegal websites (for example, child pornography related websites), and you could well end up in jail if he/she is smart enough to remove all the traces that could prove you innocent.
Another thing a non-root user can do is send spam e-mails from your system using the local mail server. Regular and intelligent monitoring is the key here.
4. Local privilege escalation
If the user is smart enough, he/she can use some vulnerability to escalate access privileges. Sometimes they might end up with root privileges, and once they have that, your system is at their mercy: for example, rm -rf / and it is all over for you. The key here is to stay updated. Keep track of the loopholes (however small they may be) in the Linux kernel and the Linux flavour you are using. See if there is an official patch release for a severe bug, and then update your system with that patch immediately.
Most viruses and worms succeed either because of a zero-day attack or because the system administrator has not updated the OS with the released patches for known bugs. Here is an example of a local privilege escalation problem encountered in Red Hat Linux which was fixed.
NOTE: Although it is generic, it is still worth mentioning that normal users can also use social engineering tricks to obtain the root password.
That was all I knew. It would be great if you can share your thoughts on this topic.
Here are some excellent resources for reading more on security: