[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <52331.148.78.243.52.1069286838.squirrel@www.herber-hill.com>
From: chill at herber-hill.com (Charles E. Hill)
Subject: Vulnerability in Terminal.app
This sounds a lot like an issue I had with Red Hat Linux 8 & 9.
If you do something as a regular user that requires root permissions, RH
prompts for the root password and basically "su"s the session for a set
time period.
The problem occurred when you reboot. If you're still within that time
period, if you log back in the "su" is still in effect! Yes, it'll time
out but I found it odd that the priv upgrade lasted past a reboot (and
subsequent login to the same user account).
I always just explicitly dropped upgraded privs (mouse click in system
tray icon) after whatever I did.
Powered by blists - more mailing lists