Hacker News
by bawolff 48 days ago
A stereotypical example would be to have an SUID command that does something the user couldn't normally do, and can be tricked into launching one of these other commands.

A less typical example is giving a user restricted shell access where they only have access to a few binaries. I think people used to do access control like that in the 90s, but people stopped because it's very hard to get right. It's still a very common challenge in CTFs because it's very easy to adjust the skill level and come up with new variations.