Re: [Full-Disclosure] Vulnerability in Terminal.app

From: Charles E. Hill (chill_at_herber-hill.com)
Date: 11/20/03

  • Next message: Jim Duggan: "[Full-Disclosure] .hta virus analysys"
    To: full-disclosure@lists.netsys.com
    Date: Wed, 19 Nov 2003 16:07:18 -0800 (PST)
    
    

    This sounds a lot like an issue I had with Red Hat Linux 8 & 9.

    If you do something as a regular user that requires root permissions, RH
    prompts for the root password and basically "su"s the session for a set
    time period.

    The problem occurred when you reboot. If you're still within that time
    period, if you log back in the "su" is still in effect! Yes, it'll time
    out but I found it odd that the priv upgrade lasted past a reboot (and
    subsequent login to the same user account).

    I always just explicitly dropped upgraded privs (mouse click in system
    tray icon) after whatever I did.

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Jim Duggan: "[Full-Disclosure] .hta virus analysys"

    Relevant Pages

    • Re: NTFS issue
      ... intrigs me is that you reboot and reboot.... ... NTFS into ReiserFS or ext3... ... > root user. ... > As a regular user I get 'permission denied' error. ...
      (Fedora)
    • Re: how do you log out using command line
      ... >> Forgot to mention that you will need to be root to run the above commands. ... If you run poweroff or reboot as a regular user it should prompt you for roots password. ... >Set text line length to 75 characters or ...
      (alt.os.linux.suse)
    • Re: [opensuse] BIOS/GRUB Problem
      ... Crtl-Alt-F2) 2-login as root ... You'll have to force a reboot, power switch if you have no reset ... accomplished using the reboot command, or the shutdown command, ... and bring up the GDM/KDM/XDM login screen. ...
      (SuSE)
    • How to have a late night heart attack...
      ... moving my "send an email" shell script over to ... Tried to control the machine via ARD. ... The only damn way onto this machine is SSH as root. ... Reboot again, finally everything behaving. ...
      (uk.comp.sys.mac)
    • fsck Fails On Reboot After Partially Completed Testing Upgrade
      ... Checking root file system ... fsck failed. ... Please repair MANUALLY and reboot. ...
      (Debian-User)