UNIX Privilege Escalation Without Exploitation
Details of the ptrace(2) Attack
Exploit an application in the previous security context. For example, Mozilla Firefox.
Use /proc (or something similar) to find all running shell processes in that context
Attach to each shell process, patch execve(2) so that it modifies the command to be executed
Now when a user uses one of these shell processes to execute
su -c "cat /var/log/messages"
they will instead be executing
su -c "bad-code-here; cat /var/log/messages"
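From the defender's side, the attach step above is observable on Linux: a traced process reports a nonzero TracerPid in /proc/<pid>/status, and the Yama ptrace_scope sysctl decides whether a same-UID process may attach at all. The check below is an added example, not part of the original slide; the function names, the shell-name list and the sample status text are assumptions made for illustration.

```python
import os

SHELLS = {"sh", "bash", "dash", "zsh", "ksh", "csh", "tcsh", "fish"}  # assumed list
YAMA = {  # meaning of /proc/sys/kernel/yama/ptrace_scope values
    0: "classic: any same-UID process may attach",
    1: "restricted: a tracer may attach only to its descendants",
    2: "admin-only: CAP_SYS_PTRACE required",
    3: "attach disabled",
}
# Constructed sample of /proc/<pid>/status for a shell with a tracer attached.
SAMPLE = "Name:\tbash\nPid:\t4242\nTracerPid:\t4100\nUid:\t1000\t1000\t1000\t1000\n"

def parse_status(text):
    """Parse 'Key:<tab>value' lines of a status file into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def traced_shell(text):
    """Return (name, real_uid, tracer_pid) for a traced shell, else None."""
    f = parse_status(text)
    tracer = int(f.get("TracerPid") or 0)
    if f.get("Name") in SHELLS and tracer != 0:
        uid = int((f.get("Uid") or "-1").split()[0])  # first field is the real UID
        return f["Name"], uid, tracer
    return None

def scan(proc_root="/proc"):
    """List (pid, name, uid, tracer_pid) for every traced shell we can read."""
    hits = []
    for entry in filter(str.isdigit, os.listdir(proc_root)):
        try:
            with open(os.path.join(proc_root, entry, "status")) as fh:
                hit = traced_shell(fh.read())
        except OSError:  # process exited, or status not readable
            continue
        if hit:
            hits.append((int(entry),) + hit)
    return hits

def yama_policy(path="/proc/sys/kernel/yama/ptrace_scope"):
    try:
        with open(path) as fh:
            return YAMA.get(int(fh.read().strip()), "unknown value")
    except (OSError, ValueError):
        return "Yama not available: classic ptrace rules apply"

if __name__ == "__main__":
    print("ptrace policy:", yama_policy())
    for pid, name, uid, tracer in scan():
        print(f"pid {pid} ({name}, uid {uid}) is traced by pid {tracer}")
```

A hit is a lead to investigate rather than proof of tampering, since debuggers and strace produce the same TracerPid signal.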