Re: Compromise of the nobody account?
- From: mike3 <mike4ty4@xxxxxxxxx>
- Date: Tue, 29 Jan 2008 14:49:59 -0800 (PST)
On Jan 28, 12:40 pm, ibupro...@xxxxxxxxxxxxxxxxxxxxxx (Moe Trin)
wrote:
On Sun, 27 Jan 2008, in the Usenet newsgroup comp.security.unix, in article<snip>
Thanks for the good response. However, I still would like to know,
namely: what's the most damage a cracker could do running as
"nobody", and could they potentially screw with the system memory
using a program running as "nobody" to execute malicious code
somewhere else (like overwrite part of a program that has much
higher privilege (ie. root) on it with some sort of malicious code
that
does something like send "rm -rf /*" as root, grab /etc/shadow, launch
a root shell, etc.)? Is it safe to be lax in one's estimation of the
damage that could be caused running as "nobody", or could
quite a bit be done by a clever enough cracker?
.
- Follow-Ups:
- Re: Compromise of the nobody account?
- From: mike3
- Re: Compromise of the nobody account?
- References:
- Compromise of the nobody account?
- From: mike3
- Re: Compromise of the nobody account?
- From: Moe Trin
- Re: Compromise of the nobody account?
- From: mike3
- Re: Compromise of the nobody account?
- From: Moe Trin
- Re: Compromise of the nobody account?
- From: mike3
- Re: Compromise of the nobody account?
- From: Moe Trin
- Compromise of the nobody account?
- Prev by Date: Re: Compromise of the nobody account?
- Next by Date: Re: Compromise of the nobody account?
- Previous by thread: Re: Compromise of the nobody account?
- Next by thread: Re: Compromise of the nobody account?
- Index(es):
Relevant Pages
|
|
