Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: I find a bug

From: Jamie Riden <jamie.riden () gmail com>
Date: Tue, 18 Jan 2011 11:12:39 +0000
Also sudo vi, :!bash.

That's why you need to be aware of what sudo access you're granting -
it's more useful as a tool for keeping audit logs - together with
remote syslogging - for well-meaning administrators than it is at
stopping people from getting root.

cheers,
 Jamie

2011/1/18 我是王子 <tradeprince () qq com>:

hello,

I found a bug,

run [sudo strace su] command can get root privileges without any password.

bill

------------------ Original ------------------
From:  "Steve Beattie"<sbeattie () ubuntu com>;
Date:  Thu, Jan 13, 2011 08:01 PM
To:  "ubuntu-security-announce"<ubuntu-security-announce () lists ubuntu com>;
Cc:  "full-disclosure"<full-disclosure () lists grok org uk>;
"bugtraq"<bugtraq () securityfocus com>;
Subject:  [USN-1042-2] PHP5 regression

--
ubuntu-security-announce mailing list
ubuntu-security-announce () lists ubuntu com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/





-- 
Jamie Riden / jamie () honeynet org / jamie.riden () gmail com
http://uk.linkedin.com/in/jamieriden / Mobile: 07545 502 598

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: