Update Securing a server, authored by LaplongeJunior
......@@ -24,9 +24,10 @@ Fix : find service libs without either "root computer" or "root file" exploits
Threat 2 : Privilege escalation
2a) metaxploit doesn't need /libs/ permissions to execute an exploit
Fix : non-root users must *never* be able to run their own scripts
Fix : non-root users must *never* be able to run their own scripts
2b) Someone with write access in one folder can scp a binary with the X permission
Fix : non-root users must *never* have write permissions (o-w, g-w, u-w)
Exception : write users can exist if the access is only by ftp, on servers where no "user shell" exploits exist. In this specific, sudo must be modified to make sure guest can only log as root, and not as write users
2c) There's no way to delete "guest"
Fix : a group-less user should have *absolutely* no permissions (u-r, u-w, u-x)
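Review bot: The "Exception" line under 2b contradicts the Fix directly above it, which says non-root users must *never* have write permissions. Reword the Fix so the rule and its exception read as one statement, for example "non-root users must not have write permissions unless access is ftp-only and no "user shell" exploits exist". In the same line, "In this specific" is missing its noun (presumably "case"), and "sudo must be modified" does not say what is changed or how to confirm that guest can only log in as root and not as a write user; a reader following the page cannot apply the exception safely without that step. Under 2a, the line "Fix : non-root users must *never* be able to run their own scripts" appears twice in this rendering; if that is not a whitespace-only removed/added pair, drop the duplicate.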