| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <AANLkTik97BEqPEVOMNhJEUASwz6LeQEiKgzggwWx4=6J@mail.gmail.com> Date: Tue, 18 Jan 2011 11:12:39 +0000 From: Jamie Riden <jamie.riden@...il.com> To: 我是王子 <tradeprince@...com> Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>, bugtraq <bugtraq@...urityfocus.com> Subject: Re: I find a bug Also sudo vi, :!bash. That's why you need to be aware of what sudo access you're granting - it's more useful as a tool for keeping audit logs - together with remote syslogging - for well-meaning administrators than it is at stopping people from getting root. cheers, Jamie 2011/1/18 我是王子 <tradeprince@...com>: > hello, > > I found a bug, > > run [sudo strace su] command can get root privileges without any password. > > bill > > ------------------ Original ------------------ > From: "Steve Beattie"<sbeattie@...ntu.com>; > Date: Thu, Jan 13, 2011 08:01 PM > To: "ubuntu-security-announce"<ubuntu-security-announce@...ts.ubuntu.com>; > Cc: "full-disclosure"<full-disclosure@...ts.grok.org.uk>; > "bugtraq"<bugtraq@...urityfocus.com>; > Subject: [USN-1042-2] PHP5 regression > > -- > ubuntu-security-announce mailing list > ubuntu-security-announce@...ts.ubuntu.com > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- Jamie Riden / jamie@...eynet.org / jamie.riden@...il.com http://uk.linkedin.com/in/jamieriden / Mobile: 07545 502 598 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists