Re: [Full-Disclosure] Vulnerability in Terminal.app

From: Charles E. Hill (chill_at_herber-hill.com)
Date: 11/20/03

  • Next message: Jim Duggan: "[Full-Disclosure] .hta virus analysys"
    To: full-disclosure@lists.netsys.com
    Date: Wed, 19 Nov 2003 16:07:18 -0800 (PST)
    
    

    This sounds a lot like an issue I had with Red Hat Linux 8 & 9.

    If you do something as a regular user that requires root permissions, RH
    prompts for the root password and basically "su"s the session for a set
    time period.

    The problem occurred when you reboot. If you're still within that time
    period, if you log back in the "su" is still in effect! Yes, it'll time
    out but I found it odd that the priv upgrade lasted past a reboot (and
    subsequent login to the same user account).

    I always just explicitly dropped upgraded privs (mouse click in system
    tray icon) after whatever I did.

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Jim Duggan: "[Full-Disclosure] .hta virus analysys"