• IAm_A_Complete_Idiot@sh.itjust.works
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    11 months ago

    True, but that doesn’t necessarily matter if I can compromise the privileged app instead. I could replace it, modify it on disk, or really any number of things in order to get myself a hook into a privileged position.

    Just injecting code in some function call which launches malware.exe would do the trick. Ofc signature checks and the like can help here - but those aren’t a given. There’s any number of ways you can elevate yourself on a system based off of user security if your threat model is malicious processes. Linux (and windows) will stop users from accessing each other’s crap by default, but not processes.

    Or: supply chain attacks. Now your official app without any modifications is malicious.