On Wed, Dec 07, 2005 at 08:12:17AM -0500, Gene Heskett wrote: > >> >Cos' that user is only allowed to do cp mv and chmod, not anything > >> > else. > >> And thats enough to own the box. > >How? > If he can cp and mv something malicious, then chown it to a lower > numbered user, I think he could gain root privs if he was suitably > creative. Maybe not, but it would certainly bear watching/logging IMO. ch*mod*, not chown. :) -- Matthew Miller mattdm@xxxxxxxxxx <http://mattdm.org/> Boston University Linux ------> <http://linux.bu.edu/>
