T 5.20 Misuse of administrator rights
An abuse of administrator rights occurs when superuser (root) privileges obtained with or without authorisation are deliberately used to harm the system or its users.
Examples:
- Since the root user on a Unix system is not subject to any restrictions, an administrator is able to read, change, or delete any file regardless of its access rights. Furthermore, he can assume the identity of any user on his system without being detected by another user, which means it is possible for him to send emails under a different name or to read and/or delete other users' emails.
- There are a number of ways in which superuser privileges can be abused. These include misuse of the su command and of incorrectly administered superuser files (files with root as the owner and with the s-bit, i.e. the SetUID bit, set).
- A threat is also posed by the automatic mounting of exchangeable data media: such media are mounted as soon as they are placed in the drive, and everyone then has access to the files stored there. Any user can then obtain superuser rights using the s-bit programs stored on the mounted drive.
- Depending on the Unix variant and the base hardware used, it may be possible to activate the monitor mode or to boot in single-user mode if there is access to the console. This allows the configuration to be manipulated.
- Due to software errors, an application may only be able to process a limited amount of data. If too much data or too many parameters are passed to this application, areas of main memory could be overwritten with foreign code. This means commands could be executed with the same rights as the application. This was possible, for example, under SunOS 5.5 with the eject command, which possessed SetUID rights, meaning it possessed superuser rights when executed.
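
The two s-bit examples above (superuser files and automatically mounted media) can be checked for with a short audit script. This is an added example, not part of the original catalogue entry; the function names, the Linux /proc/mounts table format and the mount-point prefixes /media, /mnt and /run/media are assumptions.

```shell
#!/bin/sh
# Added example: audit helpers for the two s-bit (SetUID) risks listed above.

# Read a mount table in /proc/mounts format on stdin and print every mount
# point below one of the given prefixes whose options lack "nosuid", i.e.
# where the kernel would still honour s-bit programs stored on the medium.
# The default prefixes are assumed locations for exchangeable media.
mounts_allowing_suid() {
    prefixes="${*:-/media /mnt /run/media}"
    while read -r dev mnt fstype opts rest; do
        case ",$opts," in
            *,nosuid,*) continue ;;   # s-bit is ignored on this mount
        esac
        for p in $prefixes; do
            case "$mnt" in
                "$p"|"$p"/*) printf '%s\n' "$mnt"; break ;;
            esac
        done
    done
}

# List regular files under directory $1 that have the SetUID bit set and are
# owned by user $2 (name or numeric id, default root). -xdev keeps the scan
# on one file system so mounted media are reviewed separately.
suid_files() {
    find "$1" -xdev -type f -perm -4000 -user "${2:-root}" -print | sort
}

# Constructed sample in /proc/mounts format (not taken from a real system).
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sr0 /media/cdrom iso9660 ro,nosuid,nodev,relatime 0 0
/dev/sdb1 /media/usb0 vfat rw,relatime 0 0
/dev/sdc1 /mnt/backup ext4 rw,nodev 0 0'

# Report the sample mounts that would still honour s-bit programs.
printf '%s\n' "$SAMPLE_MOUNTS" | mounts_allowing_suid
```

On a live Linux system the same check is `mounts_allowing_suid < /proc/mounts`, and `suid_files /usr` gives a list to compare against the set of SetUID programs the administrator expects to be installed.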