I understand that if any malware made it's way into a Linux system, it will, at most, gain a user-level privilege and ruin anything within the particular user's reach, i.e. the user's own files.
But what exactly keeps the malwares from gaining root-level access? Can it not somehow crack the password from within?
Best Answer
This is a complex question. There are lots of different layers of security in a Ubuntu system, from complex frameworks like AppArmor to humble kernel variables like
mmap_min_addr. You can add some kernel features like memory randomization in the mix. You can find a list of them along with a quick explanations on the Ubuntu Wiki.Another important factor is that the updates are both fast and easy - so most computers will be updated to the last security fixes.
As far as I know, an attacker that has gained local access to your computer has three ways to scale the kernel privileges:
Crack the password. But this is going to be really difficult, the password is stored encrypted, using algorithms with no known flaw. It will take ages to crack it.
Bug in the kernel. But all the security features of the kernel will get in the way.
Trick the user to give away the password, i.e. social engineering. Just show a fake password dialogue or use some other trick. This is the easiest way to do it.
The third point is the weakest vulnerability right now.