GCIH · Question #486
How is exploiting a buffer overflow in a Linux SUID program owned by root different from exploiting other programs?
The correct answer is D. Attacker would be able to execute code to alter or delete system files. A SUID binary owned by root runs with root privileges regardless of who invokes it, so a successful buffer overflow exploit gains root-level access and can modify or delete protected system files.
Question
How is exploiting a buffer overflow in a Linux SUID program owned by root different from exploiting other programs?
Options
- AAttacker will be able to execute code with the permissions of the SYSTEM user
- BThe exploit which the attacker executes does not need to be written in machine code
- CThe exploit does not need to be written in machine code compatible with the processor
- DAttacker would be able to execute code to alter or delete system files
How the community answered
(43 responses)- A12% (5)
- B7% (3)
- C2% (1)
- D79% (34)
Why each option
A SUID binary owned by root runs with root privileges regardless of who invokes it, so a successful buffer overflow exploit gains root-level access and can modify or delete protected system files.
The 'SYSTEM' account is a Windows concept; on Linux the privileged account is 'root' (UID 0), and 'SYSTEM' has no meaning in this context.
Buffer overflow exploits on Linux still require position-dependent or position-independent machine code (shellcode) to overwrite the return address and redirect execution; the exploit must be written in machine code.
Shellcode must be compatible with the target processor's instruction set architecture (e.g., x86-64 vs. ARM); the SUID bit does not change this requirement.
When the SUID bit is set on an executable owned by root, the Linux kernel runs that process with an effective UID of 0 (root). A buffer overflow that redirects execution to attacker-controlled shellcode therefore runs with full root privileges, allowing the attacker to read, alter, or delete any file on the system, including critical files like /etc/passwd or kernel modules.
Concept tested: Linux SUID privilege escalation via buffer overflow
Source: https://man7.org/linux/man-pages/man2/execve.2.html
Topics
Community Discussion
No community discussion yet for this question.