| UNIX Privilege Escalation Without Exploitation
Conclusion
  • su(1), newrole(1) and sudo(1) support the specification of a command to run in a new security context, before authentication for that new security context has been completed
  • This can be abused to escalate privileges
  • A proof of concept, using ptrace(2), will be demonstrated
  • A proof of concept, using LD_PRELOAD, will be demonstrated