Hacker News new | ask | show | jobs
by darawk 2677 days ago
Not necessarily. You could, for instance, elevate the privileges of a process you can't completely control, which might allow you to read sensitive files or disrupt a system, but not perform arbitrary actions with those privileges.
1 comments
Sohcahtoa82 2677 days ago
I concede that privesc without code execution can be useful, but my original claim that privesc is not necessarily code execution still stands.
link
darawk 2677 days ago
I think we agree then? I said "assuming you can execute arbitrary code with the elevated privileges".
link