Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
hi,
let`s say an application listen on port 50 and run with root user.
If somebody external has access to the socket on which this application is bond how this hacker will receive root access?
tnx
hi,
let`s say an application listen on port 50 and run with root user.
If somebody external has access to the socket on which this application is bond how this hacker will receive root access?
tnx
#1, well behaved, secure application may be started by root but run with restricted authority.
#2, your question is so very general, the port is irrelevant. IT is listening on a port is enough.
#3, the way someone would aquire root access depends entirely upon the application. If it intenionally or through a flaw in the design or code allows either direct access, indirect access, or execution of a flawed read that can be used (as one example)to execute external code using a buffer or block overflow condition, then it might be used either for access or for forcing a denial of service condition. It is not that the application is listening, it is what it DOES when it is listening and connections are used. The application behavior is the vulnerability.
Applications that listen for network connections are secured by reducing authority (see #1 above), reducing network exposure (only allowing connections from known safe nodes or networks), and secure coding of the application so that it does not constitute a vulnerability. Recently a new option has been added: run the application in a container so that it has no access to the host. This is the "ok, I know I have flaws, so leave the door unlocked and let anyone break into this jail cell and join me" option. The risk is that access to the container MAY be used to advance other attacks or with a container flaw to escalate to the host.
[edit] is this homework? Because it just struck me that this is the kind of basic question that miht be asked in "security 101, preperation for the program" on day 2.
It is not possible for an external user to have access to that socket.
This is the correct answer. You see that "Thread Tools" dropdown? There's an option to mark the thread as "solved". Choose it.
Actually, it would be quite easy for me to give an external user access to that socket. IF I could, then someone else could. What exactly are you thinking about when you say that "It is not possible..."?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
