DragonFly users List (threaded) for 2007-03
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
Re: Re: To be a new DFly commiter
| From: | grzela@xxxxxxxxxxxxx |
| Date: | Fri, 16 Mar 2007 21:37:32 +0100 |
On Fri, 16 Mar 2007 20:58:37 +0100, Joerg Sonnenberger wrote: > On Fri, Mar 16, 2007 at 06:07:07PM +0100, Grzegorz B?ach wrote: > > When you do buffer-overflow in passwd you can exec any code with root > priviledges, > > but with tcb you must change root password to run code with root > priviledges, > > and administrator will see this faster. > > Who said that I want to change the root password? I can easily just > create a new user with uid 0, login remotely as that and change the > entry back. Very little log pollution and that can be easily taken care > of. > > Joerg > To add new user with uid 0 you must edit /etc/passwd file, which is not SGID shadow. And I put a mistake in this, with SGID shadow you can only cds to /etc/tcb dir, for edit user shadow file you must run code as this user or root. ____________________________________________________________________________ Domena za 90 groszy! www.nazwa.pl
- References:
- To be a new DFly commiter
- From: Grzegorz Błach <grzela@seculture.com>
- Re: To be a new DFly commiter
- From: Joerg Sonnenberger <joerg@britannica.bec.de>
- Re: To be a new DFly commiter
- From: Grzegorz Błach <grzela@seculture.com>
- Re: To be a new DFly commiter
- From: Joerg Sonnenberger <joerg@britannica.bec.de>
- To be a new DFly commiter
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]