this post was submitted on 30 Apr 2026
333 points (98.3% liked)

Selfhosted

60526 readers
1184 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

  8. AI-related discussions and AI-involved promotional posts have additional requirements for tagging, as noted in Rule 7 and the AI & Promotional Post Expanded Rules post.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] wewbull@feddit.uk 14 points 2 months ago (3 children)

Honestly, if an attacker has shell access you're toast regardless. I know you shouldn't be able to escalate privileges, but better to never let them on the machine.

Most security in industry only holds because employees have no interest in attacking, or knowledge how to attack, their employer.

[–] ShortN0te@lemmy.ml 14 points 2 months ago

Honestly, thats a really bad take. Yes obviously, you should not let attackers access the terminal, but there are linux servers that rely on multiuser operations, like Servers that are meant for terminal access, like HPC.

Then services get hosted via container these days, so even with rootless containers you get root access if you only get RCE on one service. And even if there are additional VMs for more isolation between host, you still get root on the whole VM.

[–] jj4211@lemmy.world 4 points 2 months ago

Note that this is a rather narrow view of the scope of things.

Yes, the demonstrator is a python script that opens up 'su' and uses splice+this vulnerability to change it to 'just assume all privileges and become sh'.

However, it's that any process in any namespace can leverage a certain socket type and splice to effectively modify any filesystem content they want. It's easy to see how this could be part of a chained attack to, for example, replace a protected service that is firewalled off with a shell. An RCE in a service permits rewriting nginx in an entirely different container and replaces it with a shell backend of your choosing.

That 'flatpak' application on your single user system that is guarded from touching your files that aren't related? That isolation doesn't mean anything if this issue is in play.

In terms of shared systems, while it should be avoided if possible, practically speaking there's a lot of shared resources.

I don't get why I've seen so many people saying "ehh, no big deal, privilege escalation is just a fact of life".

[–] Ophrys@lemmy.dbzer0.com 4 points 2 months ago

I work for a critical, global communications infrastructure company, and it's painfully obvious that the moment someone has a foothold they could do whatever they want with some minor skill lol.