@@ -11,10 +11,10 @@ Threats against a rented service server:
...
@@ -11,10 +11,10 @@ Threats against a rented service server:
Threat 0 : Exploit requirements
Threat 0 : Exploit requirements
0a) "X active user" is assumed *always* fulfilled, as this requirement is expected to evolve under normal conditions
0a) "X active user" is assumed *always* fulfilled for an intruder and never for the admin, as this requirement is expected to evolve under normal conditions
0b) "minimum N registered users" is assumed fulfilled besides exceptional circumstances, as a server is meant to provide more and more services over its lifetime
0b) "in the same LAN" is assumed always blocking, as an inter-LAN exploit assumes another machine got breached first
0c) "in the same LAN" is assumed always blocking, as an inter-LAN exploit assumes another machine got breached first
0c) "specific X version" can be easily set forever, as local libraries will always allow some kind of root elevation
0d) "specific X version" can be easily blocked forever, as local libraries will always allow some kind of root elevation
0d) "registered users/ports" is assumed increasing over time by default, as a server is meant to provide more and more services over its lifetime. such requirement should be clearly documented
Threat 1 : Root access
Threat 1 : Root access
1a) Any service can allow to log or lock root with the good vulnerability
1a) Any service can allow to log or lock root with the good vulnerability
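Review bot: The "specific X version" item appears as "can be easily set forever" in the 0c line and "can be easily blocked forever" in the 0d line, both with the identical justification "as local libraries will always allow some kind of root elevation", and that reason cannot support both readings. State which of the two the threat model assumes and give a justification that matches it. In 0a, the wording "for an intruder and never for the admin" is not explained by "expected to evolve under normal conditions"; add a clause saying why the requirement holds for one party and not the other. The 0d "registered users/ports" line ends with "such requirement should be clearly documented", which reads as a to-do left in the text. Either capitalise it and say where the requirement is documented, or move it out of the assumption list.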