lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4D35DB6B.6010403@behrens.com>
Date: Tue, 18 Jan 2011 19:26:51 +0100
From: Harry Behrens <harry@...rens.com>
To: Laurelai Storm <laurelai@...echan.org>, full-disclosure@...ts.grok.org.uk
Subject: Re: I find a bug

this very smart prince of the East is obviously listed in /etc/sudoers...;-)

-h

On 18.01.2011 16:47, Laurelai Storm wrote:
> I have fedora 14, several centOS 5.5 machines and a vanilla ubuntu
> 9.10 vm, all ask for the password
>
>
> 2011/1/18 Christian Sciberras <uuf6429@...il.com
> <mailto:uuf6429@...il.com>>
>
>     Every bug is a feature. Some are less obvious than others.
>
>     ;-)
>
>     Oh, and for what it's worth, I get asked for the root password on
>     my machine (vanilla ubuntu).
>
>
>
>
>
>     2011/1/18 Laurelai Storm <laurelai@...echan.org
>     <mailto:laurelai@...echan.org>>
>
>         It prompts for a password on my machine, perhaps you should
>         check your sudoers config.
>
>         Also, its not a bug its a feature :p
>
>         2011/1/18 我是王子 <tradeprince@...com
>         <mailto:tradeprince@...com>>
>
>             hello,
>             I found a bug,
>             run [sudo strace su] command can get root privileges
>             without any password.
>             bill
>             ------------------ Original ------------------
>             *From: * "Steve Beattie"<sbeattie@...ntu.com
>             <mailto:sbeattie@...ntu.com>>;
>             *Date: * Thu, Jan 13, 2011 08:01 PM
>             *To: *
>             "ubuntu-security-announce"<ubuntu-security-announce@...ts.ubuntu.com
>             <mailto:ubuntu-security-announce@...ts.ubuntu.com>>;
>             *Cc: * "full-disclosure"<full-disclosure@...ts.grok.org.uk
>             <mailto:full-disclosure@...ts.grok.org.uk>>;
>             "bugtraq"<bugtraq@...urityfocus.com
>             <mailto:bugtraq@...urityfocus.com>>;
>             *Subject: * [USN-1042-2] PHP5 regression
>             -- 
>             ubuntu-security-announce mailing list
>             ubuntu-security-announce@...ts.ubuntu.com
>             <mailto:ubuntu-security-announce@...ts.ubuntu.com>
>             Modify settings or unsubscribe at:
>             https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
>
>
>             _______________________________________________
>             Full-Disclosure - We believe in it.
>             Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>             Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>         _______________________________________________
>         Full-Disclosure - We believe in it.
>         Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>         Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/


Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ