oss-sec mailing list archives
Re: Abusing TZ for fun (and little profit)
From: Dag-Erling Smørgrav <des () des no>
Date: Thu, 16 Oct 2014 11:34:03 +0200
Dave Horsfall <dave () horsfall org> writes:
Perhaps I've missed something here, but surely if you have "sudo" privileges then you can read the file for yourself?
Not necessarily; sudo can be used to grant users or groups of users permission to run a specific command, which would not necessarily allow them to read arbitrary files.
And if you're trying to trace a set-uid program then it won't work anyway? Neither my Mac nor my FreeBSD box have "strace", and my Penguin is dead, so I cannot verify this.
FreeBSD has ktrace instead, which is far more capable. DES -- Dag-Erling Smørgrav - des () des no
Current thread:
- Abusing TZ for fun (and little profit) Jakub Wilk (Oct 15)
- Re: Abusing TZ for fun (and little profit) Dave Horsfall (Oct 15)
- Re: Abusing TZ for fun (and little profit) Dag-Erling Smørgrav (Oct 16)
- Re: Abusing TZ for fun (and little profit) Dan McDonald (Oct 15)
- Re: Abusing TZ for fun (and little profit) Jakub Wilk (Dec 14)
- Re: Abusing TZ for fun (and little profit) Dave Horsfall (Oct 15)