Bugtraq mailing list archives
Re: lightbar vulnerability
From: aaronb () MOJO CALYX NET (Aaron Bornstein)
Date: Wed, 4 Nov 1998 06:05:51 -0500
On Sun, 1 Nov 1998, Config Urator wrote:
- How do i make sure sum1 dont use this against me? easy, just make sure no1 can erase or change permissons of the file that "guest" account will execute.
While I suppose it's somewhat against the rules of paranoia for the program to not die upon discovering the code it's supposed to execute is modifiable by non-priveleged users, it speaks volumes for the silliness of the security policies that would allow such a thing to happen in the first place. "Hey, look, I changed ownership of /etc/inetd.conf to this unpriveleged user and all of a sudden s/he got root on my machine! Must be a hole in inetd!" My $.02. -- Aaron Bornstein http://mojo.calyx.net/~aaronb/ aaronb at calyx dot net | aaronmb at mit dot edu
Current thread:
- lightbar vulnerability Config Urator (Nov 01)
- Re: lightbar vulnerability Aaron Bornstein (Nov 04)
- security patch for ssh-1.2.26 kerberos code Tatu Ylonen (Nov 04)