Re: No Root Shell with SUID /bin/bash
From: Denis Ducamp (Denis.Ducamp@hsc.fr)Date: 04/23/02
- Previous message: Peter Pan: "Re: No Root Shell with SUID /bin/bash"
- In reply to: Peter Pan: "Re: No Root Shell with SUID /bin/bash"
- Next in thread: Joachim Blaabjerg: "Re: No Root Shell with SUID /bin/bash"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 23 Apr 2002 13:54:26 +0200 From: Denis Ducamp <Denis.Ducamp@hsc.fr> To: focus-linux@securityfocus.com
On Sat, Apr 20, 2002 at 10:22:41AM +0200, Peter Pan wrote:
> Hi,
> if you intend to place a backdoor root shell for
> "personal use" in your own system (because an attacker
> changed the root password) then you should write a
> little program with SUID root rights, executable for
> every user, but demanding a password before opening a
> root shell.
such a program is called "sudo" or "calife".
calife http://mutt.frmug.org/calife/ works as su except that :
. you have to enter your own password to change your identity
. the admin can say who can use calife and into which account they can
calife.
I didn't RTFS of adr.c to see if there is security problems but I don't
think that it may be a good idea to use something new.
Denis Ducamp.
-- .signature en deuil
- Previous message: Peter Pan: "Re: No Root Shell with SUID /bin/bash"
- In reply to: Peter Pan: "Re: No Root Shell with SUID /bin/bash"
- Next in thread: Joachim Blaabjerg: "Re: No Root Shell with SUID /bin/bash"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
