Security Basics mailing list archives
what a malicious local user can do using "nobody"'s privilege?
From: "Rick Zhong" <isc00801 () nus edu sg>
Date: Sun, 28 Sep 2003 02:46:07 +0800
Hello all, i am reading something about this vulnerablity (bugtraqid 8561) which lift normal local user to have the nobody user privilege. Just wondering what exactly can this nobody do? (to hurt the system) Looks like nobody does not have much privilege and i can only find the "locate" db is owned by "nobody" on my freebsd box. Besides this what other things which a malicious local user can do only when he got the nobody privilege? thanks. regards, Rick --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Looking for some ideas on VPN and Dial Up Users and Virus protect ion. Sutton, David (Sep 26)
- what a malicious local user can do using "nobody"'s privilege? Rick Zhong (Sep 29)
- Re: what a malicious local user can do using "nobody"'s privilege? Jon Hart (Sep 29)
- Re: Looking for some ideas on VPN and Dial Up Users and Virus protect ion. Frans Meijer (Sep 29)
- Re: Looking for some ideas on VPN and Dial Up Users and Virus protection. Peter Van Eeckhoutte (Sep 29)
- what a malicious local user can do using "nobody"'s privilege? Rick Zhong (Sep 29)