
Re: basically security of linux





--On January 16, 2009 10:31:35 AM +0100 Andreas Matthus <Andreas.Matthus@tu-dresden.de> wrote:

Hallo,

I manage a lot of Debian servers and try to install often the updates.
So I had in mind my systems are well prepared. (I follow also other
security rules ;-) )

But since some days I mull over a question: What happens if a user runs
a selfcopy from a program with a security hole? I'm afraid he can get
root-rights. Isn't it?

In general, no. This requires an exploitable kernel bug. That said, there have been some of these in the past, and new ones will likely be discovered in the future, but that's far more rare. Anything you run as root should only ever come from trusted sources for this reason.

Windows is a different matter. There's so many ways to break local security on Windows it's not funny. But with Linux, and any Unix in general, you cannot arbitrarily escalate your privileges. The way applications like su and sudo work is through the SetUID bit on their executable. What this does is cause the kernel to run the application as the user that owns the file - root in the case of su and sudo - this lets them elevate your privilege levels if you pass their access checks. That's why SetUID executables can be dangerous. You have to trust them. Very few programs are SetUID 0/root.

Linux/UNIX was designed for running arbitrary programs by arbitrary users, and keeping them all separate from each other, secure from each other's malicious intent or accidents, provided you follow secure permissions on files and directories.

root is the only user who has exceptions to this. root has the capability to read or write any file (I know, I know, guys, there's SELinux and stuff like that for CAP management, but we're talking the general case here).
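
An added example, not part of the original message: a small audit script that lists the SetUID/SetGID executables described above, so an administrator can see which programs the kernel will run as root and whether any of them has loose write permissions. The function name, record fields and default directories are assumptions made for this illustration.

```python
import os
import stat
import sys


def find_setid(root):
    """Return one record per regular file under `root` with SetUID or SetGID set."""
    findings = []
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: inspect the entry itself, not a symlink target
            except OSError:
                continue  # vanished or unreadable entry, skip it
            if not stat.S_ISREG(st.st_mode):
                continue
            setuid = bool(st.st_mode & stat.S_ISUID)
            setgid = bool(st.st_mode & stat.S_ISGID)
            if not (setuid or setgid):
                continue
            findings.append({
                "path": path,
                "mode": stat.filemode(st.st_mode),
                "owner_uid": st.st_uid,
                "setuid": setuid,
                "setgid": setgid,
                # SetUID bit + owner uid 0: the program runs with root's effective uid
                "runs_as_root": setuid and st.st_uid == 0,
                # group/other write permission on a privileged executable is a misconfiguration
                "loosely_writable": bool(st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)),
            })
    return findings


if __name__ == "__main__":
    # Default directories are an assumption; pass your own as arguments.
    for top in sys.argv[1:] or ["/bin", "/sbin", "/usr/bin", "/usr/sbin"]:
        for f in find_setid(top):
            tags = [t for t in ("runs_as_root", "loosely_writable") if f[t]]
            print(f["mode"], f["owner_uid"], f["path"], ",".join(tags))
```

Comparing the output against a saved baseline after each update shows when a new SetUID root program appears on a server.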


