Using package managers for privilege escalation - an interesting read.



LorenDB

Well-Known Member
Credits
2,431
Ooh, that's not good. That is why you leave permissions set to require sudo authentication for everything except for maybe a few special cases.
 

f33dm3bits

Gold Member
Gold Supporter
Credits
25,725
The reason why you should only use trusted sources for installing packages, as well as the least privileges necessary principal and never run a script before actually having read it yourself so you have an idea of what it will actually be doing to your system. There is a way to execute commands as root when you have sudo access to tcpdump, went looking for it and found what I was talking about plus more.
 
Last edited:

LorenDB

Well-Known Member
Credits
2,431
The reason why you should only used trusted sources for installing packages, as well as the least privileges necessary principal and never run a script before actually having read it yourself so you have an idea of what it will actually be doing to your system. There is a way to execute commands as root when you have sudo access to tcpdump, went looking for it and found what I was talking about plus more.
Looks like an interesting read.
 

kc1di

Well-Known Member
Credits
2,372
Do not give permission more than is needed to do the job at hand. Be careful. Most hacks are actually the fault of human error.
 

JasKinasis

Well-Known Member
Credits
7,781
This is why most of us stick to downloading software from our chosen distros repositories.

If you download software from 3rd party sites, you don’t know exactly what you’re getting, unless you inspect the package thoroughly before even attempting to install it.

Always get your packages from your distro, or from sources that are officially endorsed by whatever company, or collective are behind any given piece of software.

And if you administer a multi-user system - be extremely careful who you give sudo permissions to!
 
$100 Digital Ocean Credit
Get a free VM to test out Linux!

Staff online

Members online


Latest posts

Top