Linux privileged users
The “Principle of Least Privilege” means that applications and processes should be granted only the privileges they need to complete their tasks. It is a best practice that limits how much an attacker gains from compromising any single component.
For example, when an application requires only read access to a file, it should not be granted write or execute permission on that file. The reason is simple: if an attacker hijacks an application that runs with high privileges, the attacker inherits those privileges.
In reality, many applications and services run with high or even root privileges. Sometimes this is because the system lacks the granular permission controls needed to apply the principle of least privilege. Sometimes developers and admins simply forget to apply the best practice. And sometimes developers and admins take a shortcut to avoid dealing with fine-grained permission control.
Additionally, some applications that were never meant to run with high privileges do not implement the safety precautions that such a position demands. Overprivileged processes thus create a dangerous security weakness that can compromise the entire system.
Today, let’s look at three things that attackers can do when they encounter an overprivileged process running as root.
Exploiting a classic command injection
Let’s say that a web application suffers from a classic command injection vulnerability.
<?php
[...]
$file = $_GET['filename'];
system("echo $file");
[...]
?>
The application lets users read a system file by submitting the filename as a GET request parameter. (The excerpt only echoes the name, but the point is that the parameter reaches system() unchanged and is interpreted by the shell.)
https://example.com/read?filename=abc.txt
This is already a pretty bad vulnerability. The application performs no input validation before passing the parameter to system(), so an attacker can append shell metacharacters to the filename and execute arbitrary commands through command injection.
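To make the injection concrete, here is an added example (not code from the original article) that puts the page's vulnerable pattern beside a hardened handler. BASE_DIR, the function names and the request shapes are assumptions for illustration; the one real behaviour it relies on is that PHP's system() and shell_exec() hand their string to /bin/sh -c.

```php
<?php
// Added example (not from the original article): the page's vulnerable
// pattern beside a hardened handler. BASE_DIR, the function names and the
// request shapes are hypothetical.

declare(strict_types=1);

const BASE_DIR = '/var/www/files';   // assumed directory the app may serve from

// Vulnerable (same pattern as the page's snippet): the parameter is spliced
// into a shell command line. PHP passes that string to /bin/sh -c, so a
// request such as  /read?filename=abc.txt;id  makes the shell run
// "echo abc.txt;id", and `id` executes with the web server's privileges.
// If the worker runs as root, the attacker now runs commands as root.
function read_file_vulnerable(string $file): string
{
    return (string) shell_exec("echo $file");
}

// Hardened: no shell, strict name allowlist, path confinement, and a
// refusal to serve anything while running as root.
function read_file_safe(string $name): string
{
    // Least privilege, enforced at runtime: bail out if the process is
    // overprivileged (posix_geteuid() needs ext-posix, usually present on Linux).
    if (function_exists('posix_geteuid') && posix_geteuid() === 0) {
        throw new RuntimeException('refusing to run as root');
    }

    // Allowlist the filename: letters, digits, dot, underscore, dash only.
    // Shell metacharacters (; | & $ ` and friends) and path separators never pass.
    if (!preg_match('/\A[A-Za-z0-9_.-]{1,64}\z/', $name)) {
        throw new InvalidArgumentException('invalid filename');
    }

    // Confine the lookup to BASE_DIR. realpath() resolves ".." and symlinks,
    // so a name that escapes the directory, or a symlink pointing outside it,
    // fails the prefix check.
    $base = realpath(BASE_DIR);
    $path = $base === false ? false : realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('file not found');
    }

    // Read the file directly: there is no command line for input to break out of.
    $data = file_get_contents($path);
    if ($data === false) {
        throw new RuntimeException('unreadable file');
    }
    return $data;
}

// If a shell really is unavoidable, quote the value as a single argument so
// the shell can never parse it as additional commands.
function echo_via_shell_quoted(string $file): string
{
    return (string) shell_exec('echo ' . escapeshellarg($file));
}

// Request handler: the name arrives in the same GET parameter as on the page.
if (PHP_SAPI !== 'cli') {
    try {
        header('Content-Type: text/plain');
        echo read_file_safe((string) ($_GET['filename'] ?? ''));
    } catch (Throwable $e) {
        http_response_code(400);
        echo 'error';
    }
}
```

The allowlist and the realpath() prefix check remove the injection; the posix_geteuid() guard is the least-privilege half of the fix, because even a perfectly validated handler should not be running as root. In a php-fpm deployment the worker's account is set with the pool's user and group directives, which is where the process should be dropped to an unprivileged account rather than relying on the application to notice.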