T 5.20 Misuse of administrator rights

Misusive administration occurs when - rightfully or illicitly obtained - superuser ( root) privileges are deliberately used to harm the system or its users.

Example:

Since there are no restrictions for root in Unix systems, the administrator is able to read, modify or delete any file, regardless of access rights. Moreover, he can assume the identity of any user of his system, without this fact being perceived by any other user; thus, it is possible for him, by using other people's identity, to send mail messages or to read and to delete mail messages intended for others.

There are different possibilities for illicit use of superuser privileges. This includes abuse of incorrectly administered superuser files (files with root as owner and set s -bit) and of the su command.

But a threat can also be entailed by the automatic mounting of removable data media: when the medium is placed in the drive, it will immediately be mounted. Then anybody has access to the files stored there. With s -bit programmes stored within the mounted drive, any user can obtain superuser rights.

Depending on the Unix version and the hardware used, and with accessibility of the console, it is possible to activate the monitor mode or to boot and restart with single-user mode. This allows a manipulation of the configuration.