undefined | Better HN

0 pointsIshKebab1mo ago0 comments

> your RCE exploit will be running as the user and group of the service you exploited. For example www:www

Only if the exploit is through a web server or similar. If it's through the user's web browser, email client, video player, etc. etc. then you'll have write access to their home directory.

0 comments

hnlmorg1mo ago

But thats not a daemon then. Thats a completely different type of exploit from the ones we were originally talking about.

Yes, if a desktop application has a bug then it can do damage. But at that point, who cares about sudo? The exploit already has access to your ssh keys, browser cookies and history (so can access banking and shopping sites), crypto-currency wallets and so on and so forth.

What an exploit has access to here is so much worse than getting root access on a desktop OS.

j / k navigate · click thread line to collapse

0 comments

hnlmorg1mo ago

But thats not a daemon then. Thats a completely different type of exploit from the ones we were originally talking about.

What an exploit has access to here is so much worse than getting root access on a desktop OS.

j / k navigate · click thread line to collapse