wheybags' blog: Privilege escalation vulnerabilities don't really matter

Submitted by Style Pass, 2024-11-24 02:30:03

When I say privilege escalation vulnerability, I'm talking in the context of operating system user accounts: going from executing code as a normal user to executing it at root or administrator level without proper authorisation. I'll discuss this in two separate contexts: desktop PCs, and servers.

What really matters on your personal machine? Your personal information. Login credentials. Emails. Private messages. Cookies. API tokens. Banking information. Browsing history. Photos.

If an attacker is able to get code running on your machine as your normal user, they have access to all of that. They can read all your files. They can log your keystrokes. They can even read the memory straight out of your running processes. Everything you actually care about is running in your normal user account - so if an attacker, for example, tricks you into running a malicious exe file, or exploits a PDF parsing bug in your mail client to gain RCE, they will already have access to everything useful.

There is no need for them to use a privilege escalation exploit, because what does it get them? They can bind port 80? Delete System32? Who cares, they have your passport scans and recent utility bills. And they're going to send your grandmother webcam captures of you masturbating unless you wire $20k in bitcoin to 0xDEADBEEF in the next 20 minutes.
