As an account that can't normally run code (say, the "nobody" user), then yes, it's a vulnerability.
I think you think we're all new to this concept of post-auth vs pre-auth RCE, but that's not it! 
-
-
I don't see this as different from any post-auth bug. The svcctl interface is just that - an interface. This is a programming bug in a program that happens to be available via svcctl, for omitting proper parameter checks. Not really admin functionality at all!
-
Yes, but you're imagining a configuration that gives svcctl access but not code execution. That's possible, but so is forcecommand=Xorg, at some point you need to say "requires local access" , or what even is an LPE?
- 9 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
