Re: bash

• To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
• Subject: Re: bash
• From: Matthew Miller <mattdm@xxxxxxxxxx>
• Date: Wed, 7 Dec 2005 08:38:32 -0500
• In-reply-to: <200512070812.17209.gene.heskett@xxxxxxxxxxx>
• List-help: <mailto:[email protected]?subject=help>
• List-id: For users of Fedora Core releases <fedora-list.redhat.com>
• List-post: <mailto:[email protected]>
• List-subscribe: <https://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=subscribe>
• List-unsubscribe: <https://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=unsubscribe>
• References: <060e01c5faea$8901b950$0201a8c0@dw1> <200512070110.55198.gene.heskett@xxxxxxxxxxx> <20051207124844.GB20861@xxxxxxxxxxxxx> <200512070812.17209.gene.heskett@xxxxxxxxxxx>
• Reply-to: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
• User-agent: Mutt/1.4.2.1i

On Wed, Dec 07, 2005 at 08:12:17AM -0500, Gene Heskett wrote:
> >> >Cos' that user is only allowed to do cp mv and chmod, not anything
> >> > else.
> >> And thats enough to own the box.
> >How?
> If he can cp and mv something malicious, then chown it to a lower 
> numbered user, I think he could gain root privs if he was suitably 
> creative.  Maybe not, but it would certainly bear watching/logging IMO.

ch*mod*, not chown. :)


-- 
Matthew Miller           mattdm@xxxxxxxxxx          <http://mattdm.org/>
Boston University Linux      ------>              <http://linux.bu.edu/>

• Follow-Ups:
  • Re: bash
    • From: Gene Heskett
  • Re: bash
    • From: Paul Howarth

• References:
  • bash
    • From: LC
  • Re: bash
    • From: Gene Heskett
  • Re: bash
    • From: Matthew Miller
  • Re: bash
    • From: Gene Heskett

• Prev by Date: Re: bash
• Next by Date: Re: how to only XDM no KDM and no GDM ?
• Previous by thread: Re: bash
• Next by thread: Re: bash
• Index(es):
  • Date
  • Thread