On Wednesday 07 December 2005 08:38, Matthew Miller wrote: >On Wed, Dec 07, 2005 at 08:12:17AM -0500, Gene Heskett wrote: >> >> >Cos' that user is only allowed to do cp mv and chmod, not >> >> > anything else. >> >> >> >> And thats enough to own the box. >> > >> >How? >> >> If he can cp and mv something malicious, then chown it to a lower >> numbered user, I think he could gain root privs if he was suitably >> creative. Maybe not, but it would certainly bear watching/logging >> IMO. > >ch*mod*, not chown. :) > My mistake, thats a bit less scary. > >-- >Matthew Miller mattdm@xxxxxxxxxx > <http://mattdm.org/> Boston University Linux ------> > <http://linux.bu.edu/> -- Cheers, Gene "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) 99.36% setiathome rank, not too shabby for a WV hillbilly Yahoo.com and AOL/TW attorneys please note, additions to the above message by Gene Heskett are: Copyright 2005 by Maurice Eugene Heskett, all rights reserved.
