On Wednesday 07 December 2005 07:48, Matthew Miller wrote: >On Wed, Dec 07, 2005 at 01:10:55AM -0500, Gene Heskett wrote: >> >>and why would you want to do that? >> > >> >Cos' that user is only allowed to do cp mv and chmod, not anything >> > else. >> >regards >> >> And thats enough to own the box. > >How? > If he can cp and mv something malicious, then chown it to a lower numbered user, I think he could gain root privs if he was suitably creative. Maybe not, but it would certainly bear watching/logging IMO. >-- >Matthew Miller mattdm@xxxxxxxxxx > <http://mattdm.org/> Boston University Linux ------> > <http://linux.bu.edu/> -- Cheers, Gene "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) 99.36% setiathome rank, not too shabby for a WV hillbilly Yahoo.com and AOL/TW attorneys please note, additions to the above message by Gene Heskett are: Copyright 2005 by Maurice Eugene Heskett, all rights reserved.
