Re: Red Hat 9: free tickets

From: Carlos Villegas (villegas_at_math.gatech.edu)
Date: 07/02/03

  • Next message: Michal Zalewski: "Re: Red Hat 9: free tickets"
    Date: Wed, 2 Jul 2003 17:07:29 -0400
    To: Michal Zalewski <lcamtuf@ghettot.org>
    
    

    This way of attack seems useless to me. This is also used on RH 8.0
    systems, and for both 8.0 and 9 systems:

    drwx------ 4 root root 4096 Jun 27 08:43 /var/run/sudo

    Which means that if the packages are properly built (and will make sure
    that this directory gets this permissions if it existed before the
    rpm is installed), this attack will gain you nothing, since you need
    to be root to exploit it. If you can get root access to make this
    attack possible, then you might as well launch a shell instead.

    Carlos


  • Next message: Michal Zalewski: "Re: Red Hat 9: free tickets"