[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <AANLkTik97BEqPEVOMNhJEUASwz6LeQEiKgzggwWx4=6J@mail.gmail.com>
Date: Tue, 18 Jan 2011 11:12:39 +0000
From: Jamie Riden <jamie.riden@...il.com>
To: 我是王子 <tradeprince@...com>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>,
bugtraq <bugtraq@...urityfocus.com>
Subject: Re: I find a bug
Also sudo vi, :!bash.
That's why you need to be aware of what sudo access you're granting -
it's more useful as a tool for keeping audit logs - together with
remote syslogging - for well-meaning administrators than it is at
stopping people from getting root.
cheers,
Jamie
2011/1/18 我是王子 <tradeprince@...com>:
> hello,
>
> I found a bug,
>
> run [sudo strace su] command can get root privileges without any password.
>
> bill
>
> ------------------ Original ------------------
> From: "Steve Beattie"<sbeattie@...ntu.com>;
> Date: Thu, Jan 13, 2011 08:01 PM
> To: "ubuntu-security-announce"<ubuntu-security-announce@...ts.ubuntu.com>;
> Cc: "full-disclosure"<full-disclosure@...ts.grok.org.uk>;
> "bugtraq"<bugtraq@...urityfocus.com>;
> Subject: [USN-1042-2] PHP5 regression
>
> --
> ubuntu-security-announce mailing list
> ubuntu-security-announce@...ts.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
--
Jamie Riden / jamie@...eynet.org / jamie.riden@...il.com
http://uk.linkedin.com/in/jamieriden / Mobile: 07545 502 598
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists