Local users get to play root?
Konstantin Ryabitsev
icon at fedoraproject.org
Wed Nov 18 19:30:18 UTC 2009
2009/11/18 nodata <lsof at nodata.co.uk>:
> Am 2009-11-18 20:20, schrieb Richard Hughes:
>>
>> 2009/11/18 Casey Dahlin<cdahlin at redhat.com>:
>>>
>>> By the admin's first opportunity to change the settings the box could
>>> already be rooted.
>>
>> I'm not sure how you can root a computer from installing signed
>> content by a user that already has physical access to the machine.
>
> You install software with a known buffer overflow before it is fixed and
> exploit it. More software = more chances to exploit. Bingo!
If a user logged in from a physical local console wanted to exploit
their machine, this would be the hard way to do it.
Regards,
--
McGill University IT Security
Konstantin Ryabitsev
Montréal, Québec
More information about the fedora-devel-list
mailing list