Full Disclosure mailing list archives
Re: Vulnerability in Terminal.app
From: "Charles E. Hill" <chill () herber-hill com>
Date: Wed, 19 Nov 2003 16:07:18 -0800 (PST)
This sounds a lot like an issue I had with Red Hat Linux 8 & 9. If you do something as a regular user that requires root permissions, RH prompts for the root password and basically "su"s the session for a set time period. The problem occurred when you reboot. If you're still within that time period, if you log back in the "su" is still in effect! Yes, it'll time out but I found it odd that the priv upgrade lasted past a reboot (and subsequent login to the same user account). I always just explicitly dropped upgraded privs (mouse click in system tray icon) after whatever I did. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Vulnerability in Terminal.app rixstep (Nov 19)
- Re: Vulnerability in Terminal.app Gwendolynn ferch Elydyr (Nov 19)
- Re: Vulnerability in Terminal.app rixstep (Nov 19)
- Re: Vulnerability in Terminal.app Charles E. Hill (Nov 19)
- <Possible follow-ups>
- Re: Vulnerability in Terminal.app hays (Nov 19)
- Re: Vulnerability in Terminal.app Matt Burnett (Nov 19)
- Re: Vulnerability in Terminal.app Timo Schoeler (Nov 19)
- Re: Vulnerability in Terminal.app Matt Burnett (Nov 19)
- Re: Vulnerability in Terminal.app Gwendolynn ferch Elydyr (Nov 19)