by gamer191 59 days ago
Interesting. If that’s possible (I haven’t tested it, but I’m sure it is) then you wouldn’t even need to log the password. You could just alias sudo to a bash script that runs your malicious payload using the real sudo. Then the user would run the command, be prompted for their password by the real sudo, and be none the wiser that a malicious script has just been executed.

For what it’s worth, Windows’ security model says it’s not an exploit that programs can grant themselves admin rights if the user is an admin (https://github.com/hfiref0x/UACME). But afaik Linux doesn’t have that model so it is a bit of an issue that this is possible.
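
An added example, not part of the thread or written by any commenter: a POSIX shell check for the override described above, covering an alias or function named sudo in a startup file and a sudo that resolves ahead of the system one on PATH. The function names and the list of trusted directories are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the thread. The trusted-directory list is an
# assumption; adjust it for the system being audited.

# Print "file:line:text" for every line in the given startup files that
# defines an alias or shell function named sudo. Heuristic: it only sees
# definitions that start a line.
find_sudo_overrides() {
    pattern='^[[:space:]]*(alias[[:space:]]+sudo=|function[[:space:]]+sudo([^[:alnum:]_]|$)|sudo[[:space:]]*\(\))'
    for rc in "$@"; do
        [ -r "$rc" ] || continue
        # /dev/null as a second operand makes grep prefix the file name.
        grep -nE "$pattern" "$rc" /dev/null || :
    done
}

# Walk a PATH string the way the shell does and print the first executable
# named sudo with a verdict. SUSPECT: the hit is outside the assumed system
# directories, or its directory is writable by group or other.
first_sudo_on_path() {
    old_ifs=$IFS
    set -f; IFS=:
    set -- $1
    IFS=$old_ifs; set +f
    for dir in "$@"; do
        [ -n "$dir" ] || dir=.    # an empty PATH entry means the current directory
        [ -x "$dir/sudo" ] && [ ! -d "$dir/sudo" ] || continue
        case $dir in
            /usr/bin|/bin|/usr/sbin|/sbin|/usr/local/bin|/usr/local/sbin)
                verdict=trusted ;;
            *)  verdict=SUSPECT ;;
        esac
        # -H follows a symlinked directory such as /bin on merged-/usr systems.
        if [ -n "$(find -H "$dir" -prune \( -perm -0020 -o -perm -0002 \) 2>/dev/null)" ]; then
            verdict=SUSPECT
        fi
        printf '%s %s\n' "$dir/sudo" "$verdict"
        return 0
    done
    return 1    # no sudo found on this PATH
}

# Usage: find_sudo_overrides ~/.bashrc ~/.profile; first_sudo_on_path "$PATH"
```

In an interactive shell, `command -V sudo` also reports whether the name currently resolves to an alias, a function or a file.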


> Interesting. If that’s possible

It’s not possible. At least not unless those users have already borked their own system.

The previous poster was clutching at straws.

Of course it's possible. I've tried it. It works. It's just standard Unix features. What makes you think it isn't possible?

For the reasons I’ve already stated: daemons don’t run with permissions to write into users’ directories.

You’ve shifted goal posts to now talk about desktop applications when the topic was originally about daemons.

> You’ve shifted goal posts to now talk about desktop applications when the topic was originally about daemons

You imagined that. The topic was never originally about daemons.

It’s literally in the opening post you replied to:

> A local privilege escalation to root via an exploitable service?

> Doesn't Linux have one of these CVEs...each week?

Why else would people be talking about docker, and user/group ownership of running services, and so on and so forth, in response to their comment and yours?

If you actually read the article, the "exploitable service" is Windows Defender scanning a file that the user has downloaded.