Re: [Full-Disclosure] Vulnerability in Terminal.app
From: Charles E. Hill (chill_at_herber-hill.com)
To: firstname.lastname@example.org Date: Wed, 19 Nov 2003 16:07:18 -0800 (PST)
This sounds a lot like an issue I had with Red Hat Linux 8 & 9.
If you do something as a regular user that requires root permissions, RH
prompts for the root password and basically "su"s the session for a set
The problem occurred when you reboot. If you're still within that time
period, if you log back in the "su" is still in effect! Yes, it'll time
out but I found it odd that the priv upgrade lasted past a reboot (and
subsequent login to the same user account).
I always just explicitly dropped upgraded privs (mouse click in system
tray icon) after whatever I did.
Full-Disclosure - We believe in it.