Bugtraq mailing list archives
Re: 'sudo' recommendations
From: alekz () CS MSU SU (Alexey Kuzmichev)
Date: Thu, 19 Nov 1998 04:56:21 -0300
On Wed, 18 Nov 1998, Cy Schubert wrote:

|You can also issue sudo -k to delete the sudo ticket before running
|something potentially dangerous.
|
|The problem you discuss is also an issue with Kerberos. Any potential
|attacker could use cached Kerberos tickets to gain access to hosts,
|services, or privileges. To circumvent this, kdestroy your Kerberos
|ticket or log in as a different user.
|

The same problem exists in a NIS+ environment. An attacker can get the right credentials by issuing a command under an already authenticated UID, because all credentials (public and decrypted secret keys) are cached by the keyserv daemon and "indexed" by UID. The only way to get rid of that cached information is to run the keylogout command.