Re: [Full-Disclosure] Vulnerability in

From: Charles E. Hill (
Date: 11/20/03

  • Next message: Jim Duggan: "[Full-Disclosure] .hta virus analysys"
    Date: Wed, 19 Nov 2003 16:07:18 -0800 (PST)

    This sounds a lot like an issue I had with Red Hat Linux 8 & 9.

    If you do something as a regular user that requires root permissions, RH
    prompts for the root password and basically "su"s the session for a set
    time period.

    The problem occurred when you reboot. If you're still within that time
    period, if you log back in the "su" is still in effect! Yes, it'll time
    out but I found it odd that the priv upgrade lasted past a reboot (and
    subsequent login to the same user account).

    I always just explicitly dropped upgraded privs (mouse click in system
    tray icon) after whatever I did.

    Full-Disclosure - We believe in it.
