[hnlmorg]

How are you going to do that without write access to the users home directory?

Like I said before, your RCE exploit will be running as the user and group of the service you exploited. For example www:www

So you’re not going to be able to write into Joe Bloggs .bashrc file unless Joe was stupid enough to enable write permission to “other”. Which, once again, requires the user to purposely modify the system into being less secure than its default configuration

[IshKebab]

> your RCE exploit will be running as the user and group of the service you exploited. For example www:www

Only if the exploit is through a web server or similar. If it's through the user's web browser, email client, video player, etc. etc. then you'll have write access to their home directory.

[hnlmorg]

But thats not a daemon then. Thats a completely different type of exploit from the ones we were originally talking about.

Yes, if a desktop application has a bug then it can do damage. But at that point, who cares about sudo? The exploit already has access to your ssh keys, browser cookies and history (so can access banking and shopping sites), crypto-currency wallets and so on and so forth.

What an exploit has access to here is so much worse than getting root access on a desktop OS.