Privilege escalation

Privilege escalation is the process by which a user executes processes with more rights than they normally are entitled to use. This can be both good and bad.

For example, allowing a user to change their own password requires write access to the /etc/passwd and/or /etc/shadow file. Under normal circumstances, users can only read /etc/passwd, and do nothing with /etc/shadow:

# ls -l /etc/{passwd,shadow}
-rw-r--r--   1 root     root         3215 Jun 30 10:28 /etc/passwd
-rw-------   1 root     root         2829 Oct 24 12:05 /etc/shadow

However, to edit these files, users can run the passwd command, which has the setuid bit set. This escalates the privilege level of the user so that it can perform a very specific action (edit /etc/passwd and /etc/shadow) as the root user:

$ ls -l /usr/bin/passwd
-r-sr-xr-x 1 root  bin  25152 Sep 11 20:07 /usr/bin/passwd
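Because every setuid-root program is a deliberate escalation path like passwd, administrators commonly inventory them. The sketch below is an added example, not part of the original page: the function names describe and audit and the default directory /usr/bin are assumptions made for illustration.

```python
import os
import stat
import sys

def describe(path, mode, uid):
    """Classify one file from its st_mode and owner UID."""
    setuid = bool(mode & stat.S_ISUID)
    setgid = bool(mode & stat.S_ISGID)
    return {
        "path": path,
        "mode": stat.filemode(mode),           # same notation as ls -l
        "setuid": setuid,
        "setgid": setgid,
        # setuid + owner root: the program runs with root's effective UID
        "runs_as_root": setuid and uid == 0,
        # group/world write on such a file lets non-owners replace its code
        "writable_by_others": bool(mode & (stat.S_IWGRP | stat.S_IWOTH)),
    }

def audit(root):
    """Return describe() records for setuid/setgid regular files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)            # lstat: do not follow symlinks
            except OSError:
                continue                       # vanished or unreadable entry
            special = st.st_mode & (stat.S_ISUID | stat.S_ISGID)
            if stat.S_ISREG(st.st_mode) and special:
                findings.append(describe(path, st.st_mode, st.st_uid))
    return sorted(findings, key=lambda f: f["path"])

if __name__ == "__main__":
    # Directory to scan is an assumption; pass another as the first argument.
    for f in audit(sys.argv[1] if len(sys.argv) > 1 else "/usr/bin"):
        note = " WRITABLE BY NON-OWNER" if f["writable_by_others"] else ""
        print(f'{f["mode"]} root={f["runs_as_root"]} {f["path"]}{note}')
```

Comparing the output against a known-good baseline makes newly added setuid files stand out.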

Privilege escalation is also a frequent goal of a cracker (causing a DoS is another). Typically, a cracker will attempt to exploit a bug to gain "Unauthorized Privilege Escalation" (usually targeting the root user), in order to take control of a system.

see permissions and setuid

perl
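You should also change $( and $) in order to set the real and effective group IDs as well:

my $uid = getpwnam('nobody');   # scalar context returns the UID, list context the whole entry
($<, $>) = ($uid, $uid);        # set the real and effective user IDs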