Looking at "Shatter Attack" in Windows:
http://index-of.es/Misc/pdf/shatter_attack_redux.pdf
https://www.blackhat.com/presentations/bh-usa-04/bh-us-04-moore/bh-us-04-moore-whitepaper.pdf
http://www.hpl.hp.com/techreports/2005/HPL-2005-87.pdf
Now you ask yourself, what is the Linux equivalent? How are messages passed from one application to another? And if the messages are posted in arbitrary ways, is it possible to achieve privilege escalation in the Linux scenario?
These are the processes relevant to graphical rendering in Linux:
Looking at the "Dbus" daemon above, what is its function?
Since it is running at a high privilege level, privilege escalation is not impossible.
And history has shown its possibilities:
https://www.cyberciti.biz/tips/linux-dbus-packages-fix-privilege-escalation.html
https://www.rapid7.com/db/modules/exploit/linux/local/lastore_daemon_dbus_priv_esc
https://packetstormsecurity.com/files/147285/lastore-daemon-D-Bus-Privilege-Escalation.html
https://bugzilla.redhat.com/show_bug.cgi?id=847402
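dbus-daemon routes messages between processes, and on the system bus its policy files decide which messages an unprivileged caller may send to a service running as root. As an added example (not part of the original post), the Python script below audits such a policy for rules that are open to every local user; the service names and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy for a hypothetical service "com.example.Updater".
# Real policy files live in /usr/share/dbus-1/system.d/ and /etc/dbus-1/system.d/.
SAMPLE_POLICY = """<busconfig>
  <policy user="root">
    <allow own="com.example.Updater"/>
    <allow send_destination="com.example.Updater"/>
  </policy>
  <policy context="default">
    <allow send_destination="com.example.Updater"/>
    <allow send_destination="com.example.Updater"
           send_interface="org.freedesktop.DBus.Introspectable"/>
    <allow own="com.example.Helper"/>
  </policy>
</busconfig>"""

# Attributes that narrow a send rule to specific messages.
NARROWING = ("send_interface", "send_member", "send_path", "send_type")

def audit_policy(xml_text):
    """Return (finding, bus_name) pairs for rules that apply to every caller."""
    findings = []
    root = ET.fromstring(xml_text)
    for policy in root.iter("policy"):
        # context="default"/"mandatory" policies cover all callers;
        # user= and group= policies are scoped to a named identity.
        if policy.get("context") not in ("default", "mandatory"):
            continue
        for rule in policy.findall("allow"):
            dest = rule.get("send_destination")
            # Any method on the destination is reachable if nothing narrows it.
            if dest and not any(rule.get(a) for a in NARROWING):
                findings.append(("broad-send", dest))
            # Letting any user claim a well-known name enables impersonation.
            for attr in ("own", "own_prefix"):
                if rule.get(attr):
                    findings.append(("any-user-own", rule.get(attr)))
    return findings

if __name__ == "__main__":
    for kind, name in audit_policy(SAMPLE_POLICY):
        print(f"{kind}: {name}")
```

A flagged rule is a review candidate rather than a confirmed flaw: many services accept messages from any user at the bus level and authorize each method call themselves, for example through polkit.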