Matthew Miller mattdm at
Wed Dec 7 13:38:32 UTC 2005

On Wed, Dec 07, 2005 at 08:12:17AM -0500, Gene Heskett wrote:
> >> >Cos' that user is only allowed to do cp mv and chmod, not anything
> >> > else.
> >> And thats enough to own the box.
> >How?
> If he can cp and mv something malicious, then chown it to a lower 
> numbered user, I think he could gain root privs if he was suitably 
> creative.  Maybe not, but it would certainly bear watching/logging IMO.

ch*mod*, not chown. :)

Matthew Miller           mattdm at          <>
Boston University Linux      ------>              <>

More information about the fedora-list mailing list