bash
Gene Heskett
gene.heskett at verizon.net
Wed Dec 7 15:30:05 UTC 2005
On Wednesday 07 December 2005 08:38, Matthew Miller wrote:
>On Wed, Dec 07, 2005 at 08:12:17AM -0500, Gene Heskett wrote:
>> >> >Cos' that user is only allowed to do cp mv and chmod, not
>> >> > anything else.
>> >>
>> >> And thats enough to own the box.
>> >
>> >How?
>>
>> If he can cp and mv something malicious, then chown it to a lower
>> numbered user, I think he could gain root privs if he was suitably
>> creative. Maybe not, but it would certainly bear watching/logging
>> IMO.
>
>ch*mod*, not chown. :)
>
My mistake, thats a bit less scary.
>
>--
>Matthew Miller mattdm at mattdm.org
> <http://mattdm.org/> Boston University Linux ------>
> <http://linux.bu.edu/>
--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
99.36% setiathome rank, not too shabby for a WV hillbilly
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2005 by Maurice Eugene Heskett, all rights reserved.
More information about the fedora-list
mailing list