Are there any real life scenarios where an untrusted user is allowed access to a machine with an unprivileged account? I know there are (or were?) some public shared machines where you can ssh in for fun, but those aren’t serious.
I’m thinking maybe a POS system or kiosk running Linux, and there’s shell access? This could possibly also be useful for jailbreaking devices that ship with Linux, but are locked down… Maybe like a car infotainment system?
Every university with an https://en.wikipedia.org/wiki/High-performance_computing system or a lab with Linux workstations gives shell access to what amount to untrusted users. If antivirus or similar software on the system doesn’t proactively catch the exploit, it’s a bad day.
It’s bad enough on its own because a bad actor can steal SSH-keys this way, but combined with this exploit they will be able to install a rootkit and compromise your entire system.
Are there any real life scenarios where an untrusted user is allowed access to a machine with an unprivileged account? I know there are (or were?) some public shared machines where you can ssh in for fun, but those aren’t serious.
I’m thinking maybe a POS system or kiosk running Linux, and there’s shell access? This could possibly also be useful for jailbreaking devices that ship with Linux, but are locked down… Maybe like a car infotainment system?
Every university with an https://en.wikipedia.org/wiki/High-performance_computing system or a lab with Linux workstations gives shell access to what amount to untrusted users. If antivirus or similar software on the system doesn’t proactively catch the exploit, it’s a bad day.
In the Node.js world adding a dependency may lead to arbitrary code being executed.
It’s bad enough on its own because a bad actor can steal SSH-keys this way, but combined with this exploit they will be able to install a rootkit and compromise your entire system.
Only every local file inclusion bug ever. Include shellcode, run as webserver privs, escalate locally.
Pretty much all those examples, but the real danger is chaining this exploit with others
Perhaps someone is sitting on a couple exploits to get them into a system, but only to an unprivileged user, this would be a great final act