oss-sec mailing list archives
Re: Abusing TZ for fun (and little profit)
From: Dave Horsfall <dave () horsfall org>
Date: Thu, 16 Oct 2014 12:34:30 +1100 (EST)
On Thu, 16 Oct 2014, Jakub Wilk wrote:
$ TZ=$PWD/tz sudo -u root strace -e read date
Perhaps I've missed something here, but surely if you have "sudo" privileges then you can read the file for yourself? And if you're trying to trace a set-uid program then it won't work anyway? Neither my Mac nor my FreeBSD box have "strace", and my Penguin is dead, so I cannot verify this. -- Dave Horsfall (VK2KFU) http://www.horsfall.org/spam.html
Current thread:
- Abusing TZ for fun (and little profit) Jakub Wilk (Oct 15)
- Re: Abusing TZ for fun (and little profit) Dave Horsfall (Oct 15)
- Re: Abusing TZ for fun (and little profit) Dag-Erling Smørgrav (Oct 16)
- Re: Abusing TZ for fun (and little profit) Dan McDonald (Oct 15)
- Re: Abusing TZ for fun (and little profit) Jakub Wilk (Dec 14)
- Re: Abusing TZ for fun (and little profit) Dave Horsfall (Oct 15)