Abuse of rights occurs when someone deliberately exploits facilities, whether rightfully or illicitly obtained, in order to harm a system or its users.
Example:
On many systems, any user can read the /etc/passwd file and so obtain the personal data contained in that file. He can also try to guess the encrypted passwords by means of a dictionary attack (cf. T 5.18 Systematic trying-out of passwords). If group privileges are granted too generously, particularly for system groups such as root, bin, adm, news or daemon, abuse, for instance modification or deletion of third parties' files, is easy to carry out.
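An administrator can check a host for both exposures named in the example. The following audit sketch is an added example, not part of the original catalogue text: it reports accounts whose password hash is stored in the world-readable passwd file itself, and users who belong to one of the listed system groups, including membership through the primary GID. The sample records, user names and the hash string are constructed; the function names are assumptions of this example.

```python
SYSTEM_GROUPS = {"root", "bin", "adm", "news", "daemon"}  # groups named in the text

# Constructed sample data in passwd(5) and group(5) format; not from a real host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/sh
bob:ab01FAX.bQRSU:1001:4:Bob:/home/bob:/bin/sh
carol:x:1002:1002:Carol:/home/carol:/bin/sh
"""
SAMPLE_GROUP = """\
root:x:0:
daemon:x:1:
bin:x:2:carol
adm:x:4:alice
news:x:9:
alice:x:1000:
carol:x:1002:
"""

def parse(text, nfields):
    """Split colon-separated records; skip blank, comment and malformed lines."""
    rows = [l.split(":") for l in text.splitlines()
            if l.strip() and not l.startswith("#")]
    return [r for r in rows if len(r) == nfields]

def unshadowed_accounts(passwd_text):
    """Accounts whose hash is readable by every user via the passwd file."""
    # "x" = hash kept in the shadow file; "*", "!" = locked; "" = no password set
    placeholders = {"", "x", "*", "!", "!!"}
    return sorted(r[0] for r in parse(passwd_text, 7) if r[1] not in placeholders)

def system_group_members(passwd_text, group_text, groups=SYSTEM_GROUPS):
    """Map each sensitive group to its unexpected members."""
    grp = {r[0]: r for r in parse(group_text, 4) if r[0] in groups}
    gid_to_name = {r[2]: name for name, r in grp.items()}
    members = {name: {u for u in r[3].split(",") if u} for name, r in grp.items()}
    for user, _, _, gid, *_ in parse(passwd_text, 7):
        if gid in gid_to_name:  # primary membership is not listed in the group file
            members[gid_to_name[gid]].add(user)
    # The account named after the group (root in root, bin in bin) is expected.
    return {g: sorted(m - {g}) for g, m in members.items() if m - {g}}

if __name__ == "__main__":
    print("hash exposed in passwd:", unshadowed_accounts(SAMPLE_PASSWD))
    print("system group members:", system_group_members(SAMPLE_PASSWD, SAMPLE_GROUP))
```

On a real host, pass the contents of /etc/passwd and /etc/group instead of the sample strings, and review each reported member against the rights that user actually needs.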
© Copyright by Bundesamt für Sicherheit in der Informationstechnik