On Thu, 12 Aug 2021 13:44:24 +0200, Philipp Kern <pk...@debian.org> wrote:
>On 2021-08-12 12:23, Polyna-Maude Racicot-Summerside wrote:
>> Now if people start doing stuff they don't master then it's not
>> privilege escalation but much more something like another manifestation
>> of human stupidity. And this, there won't be a number of articles
>> sufficient to make people change.
>[...]
>> This is only an article made to get people onto a website and see
>> publicity or whatever goal the author set. There's nothing genuine in
>> there.
>
>I think it's less about human stupidity than about all the knowledge you
>need to acquire (and retain) to securely administer a system. It is not
>easy. The concern expressed here is pretty much common knowledge among
>sysadmins of ye olde times.

I think the essence of the article is that on some apt/dpkg using
distributions, a "normal" user gets sudo rights to do apt only (I have
never seen that on Debian, do we do this in some corner case?) and is
able to escalate to root from that trivially, even without doctoring
some malicious package, just shell out from dpkg's conffile prompt to a
full root shell.

Greetings
Marc
-- 
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber         |   " Questions are the         | Mail address in header
Mannheim, Germany  |     Beginning of Wisdom "     |
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Phone: *49 621 72739834
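An added example, not part of the original message: a small audit that lists sudoers rules granting a package-manager front end, since the mail above points out that such an "apt only" grant amounts to full root. The sample sudoers text is constructed, and the `PKG_TOOLS` set and the function names are assumptions made for this sketch.

```python
import os
import re

# Assumption: binaries treated as apt/dpkg front ends for this audit.
PKG_TOOLS = {"apt", "apt-get", "aptitude", "dpkg"}

# Constructed sample sudoers content (not taken from any real system).
SAMPLE_SUDOERS = r"""
# constructed example
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%admin  ALL=(ALL) ALL
alice   ALL=(root) NOPASSWD: /usr/bin/apt-get, /usr/bin/systemctl restart nginx
bob     ALL=(root) /usr/bin/apt update, \
        /usr/bin/apt upgrade
carol   ALL=(root) /usr/bin/journalctl
"""

# user/group, host list, '=', then the runas/tag/command part
RULE = re.compile(r"^(?P<who>\S+)\s+\S+?\s*=\s*(?P<rest>.+)$")

def logical_lines(text):
    """Join backslash-continued lines; drop blank lines and comments."""
    joined = re.sub(r"\\\n\s*", " ", text)
    for line in joined.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line

def find_pkg_grants(text):
    """Return (who, command) for every rule that allows a package tool.
    Limitation of this sketch: Cmnd_Alias definitions are not expanded."""
    findings = []
    for line in logical_lines(text):
        m = RULE.match(line)
        if not m or m["who"].startswith("Defaults") or m["who"].endswith("_Alias"):
            continue
        rest = re.sub(r"\([^)]*\)", "", m["rest"])        # drop (runas) specs
        for cmd in rest.split(","):
            cmd = re.sub(r"\b[A-Z_]+:\s*", "", cmd).strip()  # drop NOPASSWD: etc.
            if cmd and os.path.basename(cmd.split()[0]) in PKG_TOOLS:
                findings.append((m["who"], cmd))
    return findings

if __name__ == "__main__":
    for who, cmd in find_pkg_grants(SAMPLE_SUDOERS):
        print(f"{who}: '{cmd}' is effectively a full root grant")
```

To check a real host, pass the contents of `/etc/sudoers` and each file under `/etc/sudoers.d/` to `find_pkg_grants` and review every hit as if it were `ALL`.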