@@ -29,7 +29,10 @@ The trick is finding one or several service libraries falling into the "green-bl
...
@@ -29,7 +29,10 @@ The trick is finding one or several service libraries falling into the "green-bl
# Important exploits
# Important exploits
After taking into consideration said requirements, here's the effect of exploits on the rating of a library
After taking into consideration said requirements, here's the effect of exploits on the rating of a library
- Any root-level exploit locks a library into the "red" range, as they allow either to access critical files, block the admin access or block the service
- If neither of the rules above is fulfilled, the library is at least at "orange" level
- Any root-level exploit locks a library into "red", as they allow either to access critical files, block the admin access or block the service
- If the rule above is not fulfilled, the library is at least at "orange" level
- A "user password reset" exploit add the "blue" modifier, as any service depending on a non-root account can be blocked by changing the password (as it's a modifier, the library will be either orange-blue or green-blue)
- A "user password reset" exploit add the "blue" modifier, as any service depending on a non-root account can be blocked by changing the password (as it's a modifier, the library will be either orange-blue or green-blue)
- If an admin can obtain a shell thanks to the library (preferably, a guest shell exploit), the library is at least "green"
- If an admin can obtain an execution shell thanks to the library (preferably, a guest shell exploit), the library is at least "green". *By definition, ssh fits this requirement even without a shell exploit.*
\ No newline at end of file
Basically, it's impossible to work with red, and you need at least a green library on the server. If a library has the blue modifier, then all allowed services will need to run as root.
