My question is about filesystem permissions (specifically the Unix style permissions) and how they relate to security.
Say I have access to a computer with a guest user account and a user named Bob. I don’t know Bob's password, but I can use the guest account. The guest account has absolutely no read permissions for all of Bob’s files, so I can't read any of Bob’s files while logged in as guest.
However, from a true “adversary” perspective, I have full access to this unencrypted disk. I could image it, save it for later, run some other OS to simply read Bob’s files while ignoring the filesystem permission settings.
From this, I get to the question:
- A filesystem permission setting on an unencrypted disk is just a flag, correct? And the only thing stopping me from reading files to which I don’t have permission is the fact that the OS will say “Oh, you can’t read that, you don’t have permission.” That file is still on the disk in raw form and I could read it by just ignoring the filesystem flags (say, via some shady bootable OS that simply ignores permissions). Is this all correct?
Now say I don’t have direct access to the disk, and I’m just ssh-ing into a machine. I don’t have permission to read any of Bob’s files. There's really nothing I can do about it, correct?
- Given my limited permissions, I simply can’t access Bob's files no matter how hard I try, no? What if I use some exploit to gain root access? Can I now bypass the OS's permission flags? Is this a thing that ever happens?
