wpeckham |
07-17-2019 06:44 AM |
Quote:
Originally Posted by lelunicu
(Post 6015788)
Hi,
Let's say an application listens on port 50 and runs as the root user.
If somebody external has access to the socket to which this application is bound, how will this hacker receive root access?
tnx
|
#1, a well-behaved, secure application may be started by root but run with restricted authority.
#2, your question is so very general, the port is irrelevant. That it is listening on a port is enough.
#3, the way someone would acquire root access depends entirely upon the application. If it intentionally or through a flaw in the design or code allows either direct access, indirect access, or execution of a flawed read that can be used (as one example) to execute external code using a buffer or block overflow condition, then it might be used either for access or for forcing a denial of service condition. It is not that the application is listening, it is what it DOES when it is listening and connections are used. The application behavior is the vulnerability.
Applications that listen for network connections are secured by reducing authority (see #1 above), reducing network exposure (only allowing connections from known safe nodes or networks), and secure coding of the application so that it does not constitute a vulnerability. Recently a new option has been added: run the application in a container so that it has no access to the host. This is the "ok, I know I have flaws, so leave the door unlocked and let anyone break into this jail cell and join me" option. The risk is that access to the container MAY be used to advance other attacks or with a container flaw to escalate to the host.
[edit] Is this homework? Because it just struck me that this is the kind of basic question that might be asked in "security 101, preparation for the program" on day 2.
|