A non-root user might not be a person, it might be a compromised php script. | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		noja on Jan 25, 2019 \| parent \| context \| favorite \| on: Practical Linux Hardening Guide A non-root user might not be a person, it might be a compromised php script.

noir_lord on Jan 26, 2019 [–]

True but if my system has a compromised anything binding to a port then they can talk to it via whatever they want at that point.

I'm of the opinion that if an attacker gets a local account then I'm already hosed given the regularity of local privilege escalation CVE's

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact