Linux Non Root Exploits – 4 Ways In which Even A Normal User Can Cause Real Damage To Your Linux System

By | 06/06/2013

Linux is considered to be a fairly secure operating system because of the way it is designed. For example, you cannot just download an executable and accidentally run it: if you want to execute it, you have to explicitly set its executable bit ON. Similarly, if you want to tweak any system-specific parameter or configuration, you have to attain root privileges first, and after doing your work you can de-escalate the privilege level. Security pillars like these work well to ensure that a Linux system doesn't get exploited easily.

Most Linux users have the perception that as long as an attacker does not attain root privileges, there is not much damage that he/she can do to a Linux system. I would say this is true, but only to a certain extent. To prove my point, in this article I will discuss 4 ways in which access to a Linux box, even with non-root privileges, can cause some serious damage.

 


1. A normal user can consume a good amount of your system resources

Yes, if you do not administer your Linux machine carefully and properly, any normal user with non-root access rights can seriously slow down your Linux machine by consuming more and more of your system resources. For example, what if he/she launches a fork bomb on your machine? This is, in effect, a denial-of-service attack.

To stay on the safe side, keep reading and learn your OS thoroughly. For example, to make sure that fork bombs do not cause major damage, you should know how to limit system resources, such as the number of processes a non-root user may create. Here is a good starting point related to this.
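The per-user process limit that stops a fork bomb from exhausting the machine is the `nproc` item that pam_limits reads from `/etc/security/limits.conf`. The script below is an added example, not code from the original post: it parses limits.conf-style text (the sample content is constructed for the demo; the file format is the real pam_limits one) and reports the effective hard `nproc` limit for a user.

```shell
# Constructed sample in the format of /etc/security/limits.conf:
#   <domain>  <type>  <item>  <value>
SAMPLE_LIMITS='
# blank lines and comments are ignored by pam_limits
*        soft  nproc  1024
*        hard  nproc  2048
alice    hard  nproc  200
bob      -     nproc  300
'

# Print the effective hard nproc limit for user $1 from limits.conf-style text
# given on stdin. A user-specific line overrides the "*" wildcard, and the type
# "-" sets both soft and hard. Prints "unlimited" when no hard line applies.
effective_hard_nproc() {
    awk -v u="$1" '
        NF == 0 || $1 ~ /^#/ { next }               # skip blanks and comments
        $3 == "nproc" && ($2 == "hard" || $2 == "-") {
            if ($1 == u)        user_val = $4
            else if ($1 == "*") star_val = $4
        }
        END {
            if (user_val != "")      print user_val
            else if (star_val != "") print star_val
            else                     print "unlimited"
        }'
}

# Verdict for user $1 against the sample config: "ok: ..." when a finite
# hard limit applies, "WARN: ..." when the user could fork without bound.
nproc_verdict() {
    limit=$(printf '%s\n' "$SAMPLE_LIMITS" | effective_hard_nproc "$1")
    case $limit in
        unlimited) echo "WARN: no hard nproc limit applies to $1" ;;
        *)         echo "ok: hard nproc limit for $1 is $limit" ;;
    esac
}

# Stand-alone run: the limit the current shell is already under, then the demo users.
echo "current shell: ulimit -u = $(ulimit -u 2>/dev/null || echo unknown)"
for u in alice bob carol; do nproc_verdict "$u"; done
```

On a real system, pipe `/etc/security/limits.conf` (and the files in `/etc/security/limits.d/`) into `effective_hard_nproc` instead of the sample text; a soft-only limit is not enough, because the user can raise it with `ulimit -u`.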

2. A normal user can read important information from files kept in read-only mode for all

Yes, it may very well happen. There can be files (for example, database-related files) that store sensitive information like database connection passwords and are set to read-only mode for all. Another example is reading SSH keys stored in ill-configured files to gain access to other systems. You, as an administrator, need to make sure that none of your sensitive data is available to any normal user, even in read-only mode.
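A quick way to catch the two cases above (world-readable config files holding passwords, world-readable private keys) is to look for the "other" read bit on credential-like files. This is an added example, not code from the original post; the directory tree it builds is constructed for the demo, and the name patterns are an assumption about what typically holds secrets.

```shell
# Print world-readable regular files under $1 whose names look like credential
# material: SSH private keys (id_*, minus the .pub halves), PEM/key files and
# *.conf / *.cnf files. -perm -0004 means "the other-read bit is set".
find_world_readable_secrets() {
    find "$1" -type f -perm -0004 \
        \( -name 'id_*' -o -name '*.pem' -o -name '*.key' \
           -o -name '*.cnf' -o -name '*.conf' \) \
        ! -name '*.pub' | sort
}

# Count the hits so the result can be checked mechanically.
count_world_readable_secrets() {
    find_world_readable_secrets "$1" | wc -l | tr -d ' '
}

# Constructed demo tree: one weak config, one correctly protected key,
# one weakly protected key, and a public key that is fine being readable.
make_demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/app" "$root/.ssh"
    printf 'db_password=constructed-example\n' > "$root/app/db.conf"
    printf 'constructed key material\n'        > "$root/.ssh/id_rsa"
    printf 'constructed key material\n'        > "$root/.ssh/id_ed25519"
    printf 'constructed public key\n'          > "$root/.ssh/id_rsa.pub"
    chmod 0644 "$root/app/db.conf"      # weak: password readable by everyone
    chmod 0600 "$root/.ssh/id_rsa"      # correct: owner only
    chmod 0644 "$root/.ssh/id_ed25519"  # weak: private key readable by all
    chmod 0644 "$root/.ssh/id_rsa.pub"  # fine: public half
    printf '%s\n' "$root"
}

# Stand-alone run: report the weak files, then tighten them and re-check.
demo_root=$(make_demo_tree)
echo "world-readable secrets found:"; find_world_readable_secrets "$demo_root"
chmod 0600 "$demo_root/app/db.conf" "$demo_root/.ssh/id_ed25519"
echo "after chmod 0600: $(count_world_readable_secrets "$demo_root") left"
rm -rf "$demo_root"
```

Run `find_world_readable_secrets` against `/etc`, `/var` and home directories on a real host; the fix is the same `chmod 0600` (or a dedicated group) shown at the end.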

3. Through the internet – accessing illegal websites, sending spam e-mails etc.

If someone is hell-bent on revenge, he/she can use a simple wget to access illegal websites (for example, child-pornography-related websites) from your machine, and you could well land in jail if he/she is smart enough to remove all the traces that could prove you innocent.

Another thing a non-root user can do is send spam e-mails from your system using the local mail server. Regular and intelligent monitoring is the key here.

4. Local privilege escalation

If the user is smart enough, he/she can use some vulnerability to escalate access privileges. Sometimes they might end up with root privileges. Once they have that, your system is at their mercy: for example, rm -rf / and it's all over for you. The key here is to stay updated. Keep track of the loopholes (however small they may be) of the Linux kernel and the Linux flavour that you are using. See if there is an official patch release for a severe bug, and then update your system with that patch immediately.

Most viruses and worms succeed either because of a zero-day attack or because the system admin has not updated the OS with the released patches for known bugs. Here is an example of a local privilege escalation problem encountered in Red Hat Linux which was fixed.

NOTE – Although generic, it is still worth mentioning that normal users can also use social engineering tricks to get the root password.

That was all I had. It would be great if you could share your thoughts on this topic.

Here are some excellent resources for reading more on security:

10 thoughts on “Linux Non Root Exploits – 4 Ways In which Even A Normal User Can Cause Real Damage To Your Linux System”

    1. Himanshu Post author

      These could be or could not be Linux specific. I am a Linux guy and I talk about Linux only. Something which I thought could be generic, I specified explicitly.

  1. Alain

    Yes, a normal user can do that. But on a Linux server, a normal user doesn't have to access it via SSH. I'm a Linux admin and the production server is dedicated only to admins.

    Like a Windows server, when you have access to the server, a lot of information is accessible and you can destroy many things.

    1. PowerPenguin

      What? If this is really your setup and view of a production server then you clearly have no understanding of how to administrate a Linux box.

    1. PowerPenguin

      Nope! These are possible scenarios even for Linux, but there are a lot more.

  2. joat

    Himanshu,

    Don’t let us get you down. I do like your articles. This one just didn’t match the title well.

    – joat

  3. freethinker

    Hi,

    rm -rf / will remove {bin,boot,…,/var}, but the first thing removed will be /bin, where the rm binary exists. So this command can only remove your /bin folder. So other partitions still exist.

    hahaha!!!!!!!!!

    1. Benji Wiebe

      I know this is an old discussion…but for those who land here from Google (like me), ‘rm -rf /’ will not work. ‘rm -rf --no-preserve-root /’ is the command needed; and it will delete everything, NOT just the /bin directory. In Linux, a program can continue to run even if the file has been deleted.
