Quote:
Originally Posted by
disaster
Imagine a system where all possible code execution methods (binary executables or interpreted languages like perl and python) are not possible for the attacker. The only thing he can do is to write and execute shell scripts. But here, he is completly free to do what he wants, but it has to be within a shellscript and not with root rights.
As long as he has access to files, echo -e or printf, and chmod, he has the ability to copy in executables from somewhere else. Not difficult, just tedious. And then they can craft a busybox or wget executable for themselves and build or import anything else they want.
Quote:
So the question is: How much danger would there be in such a situation?
They could download a password-cracking suite and attempt to crack your own system and/or someone else's. I've seen it happen; a "good" piece of cracking software depends on almost nothing in your system except the shell and wget/curl. They won't get in unless your passwords are ridiculous though.