Open Source and information security mailing list archives
 
Message-ID: <52331.148.78.243.52.1069286838.squirrel@www.herber-hill.com>
From: chill at herber-hill.com (Charles E. Hill)
Subject: Vulnerability in Terminal.app

This sounds a lot like an issue I had with Red Hat Linux 8 & 9.

If you do something as a regular user that requires root permissions, RH
prompts for the root password and basically "su"s the session for a set
time period.

The problem occurred when you reboot. If you're still within that time
period and you log back in, the "su" is still in effect!  Yes, it'll time
out, but I found it odd that the priv upgrade lasted past a reboot (and
subsequent login to the same user account).

I always just explicitly dropped upgraded privs (mouse click in system
tray icon) after whatever I did.


