1. 26

  2. 17

    Denial of service seems like a better description than privilege escalation. In the taxonomy of bad stuff, the latter usually implies getting to do something more interesting than halt.

    1. 4

      the fact that we found this accidentally and that the behavior is exactly what you’d expect if there were no permissions check for the kill call at all leads us to believe that there is likely more that can be done to exploit this issue

      There’s nothing found yet, but it does give cause for some concern that the means of denying service is what appears to be escalation.

      1. 4

        I was part of the team helping Shea to research and disclose the issue. One key finding was in the logs: we saw <unprivileged user> killed <privileged process>, indicating that we hadn’t tripped just a crashing bug, but actually escalated beyond the normal access control protections of kill.

        1. 9

          Privilege escalation is when you increase the abilities of the attack code to do what a higher-privileged account or process can do in arbitrary ways. This includes opening, modifying, and/or destroying resources. Merely terminating a resource is a Denial of Service (DOS) attack on that resource. The title is wrong.

          1. 3

            Using Privilege Escalation instead of DoS in the title is still misleading. Most people assume that something marketed as Privilege Escalation leads to, at the very least, reading or writing a resource owned by root. I can already kill privileged processes by running shutdown (I know that’s not the point, but killing ALL of the system’s processes is still far from running code as root).