Talk:Privilege escalation

From Wikipedia, the free encyclopedia

	This is the talk page for discussing improvements to the Privilege escalation article.
	This is not a forum for general discussion about the article's subject. Put new text under old text. Click here to start a new topic. Please sign and date your posts by typing four tildes (~~~~). New to Wikipedia? Welcome! Ask questions, get answers.	Be polite Assume good faith Avoid personal attacks Be welcoming Article policies No original research Neutral point of view Verifiability

WikiProject Computer Security		Computer SecurityWikipedia:WikiProject Computer SecurityTemplate:WikiProject Computer SecurityComputer Security articles
v • d • e This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of Computer Security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.  ???  This article has not yet received a rating on the quality scale.  ???  This article has not yet received a rating on the importance scale.

WikiProject Computing		ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing articles
Information technology portal v • d • e This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of Computing on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.  ???  This article has not yet received a rating on the project's quality scale.  ???  This article has not yet received a rating on the project's importance scale.

WikiProject Computer science	(Rated Start-Class)	Computer scienceWikipedia:WikiProject Computer scienceTemplate:WikiProject Computer scienceComputer science articles
Computer science portal v • d • e This article is within the scope of WikiProject Computer science, a collaborative effort to improve the coverage of Computer science related articles on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.  Start  This article has been rated as Start-Class on the project's quality scale.  ???  This article has not yet received a rating on the project's importance scale.

[edit] Another meaning?

I've also heard this term dealing with the fact that many of the individual privileges of a superuser can be used to obtain the others, including the ability to run in kernel mode.

For example, if a Windows program is granted SeDebugPrivilege - the right to debug any process in the system regardless of owner - it can escalate its privilege further by leveraging SeDebugPrivilege. It can use that privilege to open a running LocalSystem (akin to UNIX "root") process, such as winlogon.exe, and inject its own code, escalating its privilege to LocalSystem.

Similarly, the SeTakeOwnership privilege, which allows taking ownership of files without explicit permission, can be used on the Registry to change the Administrator password.

Many Windows privileges allow this sort of escalation, so their closure really ought to be considered a single privilege level. That's the route UNIX took.

-- Myria 07:59, 28 October 2005 (UTC)

[edit] "Horizontal" vs "Vertical" privilege escalation

I've cleaned up the content for this concept a bit, but I dispute that there's a such thing as "horizontal privilege escalation", and not just because the term is a bit of an oxymoron.

"Horizontal" escalation means obtaining unauthorized impersonation rights (I know web apps never call it "impersonation"). Impersonation, a capability built in to a variety of reference monitors (including Unix, Win32, and databases) is an elevated privilege. "Horizontal" escalation is just a use case for a specific, limited form of "vertical" privilege escalation.

The content here is valuable; I'm not advocating that we strike it. I'm just saying that we probably shouldn't muddy it with concepts like "vertical and horizontal".

--- tqbf 02:00, 1 January 2008 (UTC)

I agree the content is valuable but the term itself is confusing. Zeroday (talk) 13:43, 24 February 2008 (UTC)

---

Well "horizontal privilege escalation" does exists. And not just in theory....There have been many High profile bank cases to validate the same....

-Meenal A. Mukadam

---

—Preceding unsigned comment added by 123.201.46.58 (talk) 07:54, 16 June 2008 (UTC)

[edit] Is this an example of Windows privilege escalation?

I can't remember the exact details, but in Windows XP you can use the "at" command under cmd to schedule it to run cmd.exe a minute or 2 in the future. This new cmd process will run under the SYSTEM user for some mysterious reason. You can then end explorer.exe in task manager (which you can run under the new cmd if you're not allowed to run task manager on your own account), run explorer.exe under the cmd window, and therefore be allowed to do things in the Windows shell that you shouldn't have permission to do. Obviously this won't work if the policies have been set to prevent you from running at.

Is this a valid example of a very easy privilege escalation attack?

http://blogs.msdn.com/adioltean/articles/271063.aspx

Tebello TheWHAT!!?? 18:54, 9 June 2008 (UTC)

Yes, someone with the privilege to schedule jobs on WinXP/Win2k3 and earlier could elevate themselves to Admin in this way. This route has been blocked in Vista/Server 2008. Socrates2008 (Talk) 21:41, 9 June 2008 (UTC)