Local users get to play root?

nodata lsof at nodata.co.uk
Wed Nov 18 19:34:45 UTC 2009


On 2009-11-18 20:30, Konstantin Ryabitsev wrote:
> 2009/11/18 nodata <lsof at nodata.co.uk>:
>> On 2009-11-18 20:20, Richard Hughes wrote:
>>>
>>> 2009/11/18 Casey Dahlin <cdahlin at redhat.com>:
>>>>
>>>> By the admin's first opportunity to change the settings the box could
>>>> already be rooted.
>>>
>>> I'm not sure how you can root a computer from installing signed
>>> content by a user that already has physical access to the machine.
>>
>> You install software with a known buffer overflow before it is fixed and
>> exploit it. More software = more chances to exploit. Bingo!
>
> If a user logged in from a physical local console wanted to exploit
> their machine, this would be the hard way to do it.

If the servers are in locked racks and you require a reboot to get 
access to a grub prompt which is not password protected, then the outage 
would trip the monitoring system.
