[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] I find a bug
- To: 我是王子 <tradeprince@xxxxxx>
- Subject: Re: [Full-disclosure] I find a bug
- From: Jamie Riden <jamie.riden@xxxxxxxxx>
- Date: Tue, 18 Jan 2011 11:12:39 +0000
Also sudo vi, :!bash.
That's why you need to be aware of what sudo access you're granting -
it's more useful as a tool for keeping audit logs - together with
remote syslogging - for well-meaning administrators than it is at
stopping people from getting root.
cheers,
Jamie
2011/1/18 我是王子 <tradeprince@xxxxxx>:
> hello,
>
> I found a bug,
>
> run [sudo strace su] command can get root privileges without any password.
>
> bill
>
> ------------------ Original ------------------
> From: "Steve Beattie"<sbeattie@xxxxxxxxxx>;
> Date: Thu, Jan 13, 2011 08:01 PM
> To: "ubuntu-security-announce"<ubuntu-security-announce@xxxxxxxxxxxxxxxx>;
> Cc: "full-disclosure"<full-disclosure@xxxxxxxxxxxxxxxxx>;
> "bugtraq"<bugtraq@xxxxxxxxxxxxxxxxx>;
> Subject: [USN-1042-2] PHP5 regression
>
> --
> ubuntu-security-announce mailing list
> ubuntu-security-announce@xxxxxxxxxxxxxxxx
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
--
Jamie Riden / jamie@xxxxxxxxxxxx / jamie.riden@xxxxxxxxx
http://uk.linkedin.com/in/jamieriden / Mobile: 07545 502 598
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/