This is the talk page for discussing improvements to the Privilege escalation article.
This is not a forum for general discussion of the article's subject.
Is it only an exploit?
Users with unprivileged credentials who properly execute "sudo" (for example) to perform authorised administrative activities are also "escalating privilege". It is not only an exploit or a bug. — Preceding unsigned comment added by 126.96.36.199 (talk) 00:36, 27 April 2015 (UTC)
I've also heard this term dealing with the fact that many of the individual privileges of a superuser can be used to obtain the others, including the ability to run in kernel mode.
For example, if a Windows program is granted SeDebugPrivilege - the right to debug any process in the system regardless of owner - it can escalate its privilege further by leveraging SeDebugPrivilege. It can use that privilege to open a running LocalSystem (akin to UNIX "root") process, such as winlogon.exe, and inject its own code, escalating its privilege to LocalSystem.
Similarly, the SeTakeOwnership privilege, which allows taking ownership of files without explicit permission, can be used on the Registry to change the Administrator password.
Many Windows privileges allow this sort of escalation, so their closure really ought to be considered a single privilege level. That's the route UNIX took.
-- Myria 07:59, 28 October 2005 (UTC)
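An added example, not part of the comment above: a defender's check that treats the two privileges named there as administrator-equivalent and reports any unexpected holder in a user-rights export. The INF text is a constructed sample in the format written by `secedit /export /cfg <file> /areas USER_RIGHTS`; the SIDs and the set of expected holders are assumptions made for this illustration.

```python
# Privileges named in the comment above; a holder of either one is treated
# here as equivalent to an administrator.
ADMIN_EQUIVALENT = {"SeDebugPrivilege", "SeTakeOwnershipPrivilege"}

# Assumption for this example: only BUILTIN\Administrators should hold them.
EXPECTED_HOLDERS = {"*S-1-5-32-544"}

# Constructed sample of a secedit user-rights export (not real data).
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeDebugPrivilege = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-1105
SeTakeOwnershipPrivilege = *S-1-5-32-544
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
SeShutdownPrivilege = *S-1-5-32-544,*S-1-5-32-545
[Version]
signature="$CHICAGO$"
Revision=1
"""

def parse_privilege_rights(inf_text):
    """Return {privilege: [holder, ...]} from the [Privilege Rights] section."""
    rights, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or INF comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section != "privilege rights" or "=" not in line:
            continue
        name, _, holders = line.partition("=")
        rights[name.strip()] = [h.strip() for h in holders.split(",") if h.strip()]
    return rights

def unexpected_admin_equivalents(rights, expected=EXPECTED_HOLDERS):
    """List (privilege, holder) pairs where a non-expected principal holds
    an administrator-equivalent privilege."""
    return [(priv, holder)
            for priv in sorted(ADMIN_EQUIVALENT)
            for holder in rights.get(priv, [])
            if holder not in expected]

if __name__ == "__main__":
    for priv, holder in unexpected_admin_equivalents(parse_privilege_rights(SAMPLE_INF)):
        print(f"{holder} holds {priv}: review as administrator-equivalent")
```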
"Horizontal" vs "Vertical" privilege escalation
I've cleaned up the content for this concept a bit, but I dispute that there's such a thing as "horizontal privilege escalation", and not just because the term is a bit of an oxymoron.
"Horizontal" escalation means obtaining unauthorized impersonation rights (I know web apps never call it "impersonation"). Impersonation, a capability built in to a variety of reference monitors (including Unix, Win32, and databases), is an elevated privilege. "Horizontal" escalation is just a use case for a specific, limited form of "vertical" privilege escalation.
The content here is valuable; I'm not advocating that we strike it. I'm just saying that we probably shouldn't muddy it with concepts like "vertical and horizontal".
--- tqbf 02:00, 1 January 2008 (UTC)
Well, "horizontal privilege escalation" does exist. And not just in theory... There have been many high-profile bank cases to validate the same...
-Meenal A. Mukadam
Is this an example of Windows privilege escalation?
I can't remember the exact details, but in Windows XP you can use the "at" command under cmd to schedule it to run cmd.exe a minute or 2 in the future. This new cmd process will run under the SYSTEM user for some mysterious reason. You can then end explorer.exe in task manager (which you can run under the new cmd if you're not allowed to run task manager on your own account), run explorer.exe under the cmd window, and therefore be allowed to do things in the Windows shell that you shouldn't have permission to do. Obviously this won't work if the policies have been set to prevent you from running at.
Is this a valid example of a very easy privilege escalation attack?
- Yes, someone with the privilege to schedule jobs on WinXP/Win2k3 and earlier could elevate themselves to Admin in this way. This route has been blocked in Vista/Server 2008. Socrates2008 (Talk) 21:41, 9 June 2008 (UTC)