| ▲ | zahlman 4 days ago | |
> including most likely some fairly trivial paths to root escalation Why would this be likely? | ||
| ▲ | jchw 4 days ago | parent [-] | |
Because there is no isolation whatsoever. A terminal running as root can just be typed into. Some apps can be coerced into code execution when messaging them over X11. You might have to get a little creative, but there's a lot of room for creativity. Needless to say, though, if the user doesn't have anything open with root privileges or cached sudo, then you probably won't be escalating to root with only X11. You'd have to wait for something to crop up. I'd reckon though if you are resident for long enough during a desktop session you'll find an opportunity. (And on most desktop systems that still, of course, leaves the usual points of interest outside X11. But if you wanted a way to escape, say, Flatpak containment, this is definitely a good start.) | ||