On Mon, 2003-12-01 at 14:14, Vineet Kumar wrote:
> * Thanasis Kinias (tkinias@asu.edu) [031201 11:03]:
> > BTW, if someone has compromised your system to the extent of being able
> > to put a trojaned passwd in /usr/local/bin, he can put it in /usr/bin,
> > too.
>
> Not necessarily. In order to put something in /usr/local/[s]bin, I just
> need to get an account with group staff. Depending on who's in that
> group (and how many are in that group), this may be significantly easier
> than getting root.

Ok, that *IS* the point... if you are using your local machine and you
want custom schkit... then you get into the proper ground and make the
changes yourself, rather than tie the admin up.

> vineet@quesadilla:~$ ls -l /usr/local
> total 32
> drwxrwsr-x 2 root staff 4096 2003-11-11 02:42 bin
> drwxrwsr-x 2 root staff 4096 2003-11-11 02:42 games
> drwxrwsr-x 2 root staff 4096 2003-11-11 02:42 include
> drwxrwsr-x 8 root staff 4096 2003-11-26 14:51 lib
> drwxrwsr-x 2 root staff 4096 2003-11-11 02:42 man
> drwxrwsr-x 2 root staff 4096 2003-11-11 02:42 sbin
> drwxrwsr-x 3 root staff 4096 2003-11-11 18:10 share
> drwxrwsr-x 2 root staff 4096 2003-11-11 02:42 src

-- 
greg@gregfolkert.net
REMEMBER ED CURRY! http://www.iwethey.org/ed_curry
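The exposure discussed in this thread, as an added example that is not part of the original messages: an audit that flags search-path directories writable by group or other (like the staff-writable /usr/local/bin in the listing) when they hold a command with the same name as one in a later path entry. The function names are assumptions made for this example; it needs only a POSIX shell and find.

```shell
#!/bin/sh
# Added example: report commands in group- or world-writable PATH directories
# that shadow a same-named command later in the search path.

# is_loosely_writable DIR -> success if DIR is writable by group or other
is_loosely_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# audit_path_shadowing PATHSTRING
# Prints one line per finding: "<file in writable dir> shadows <later file>"
audit_path_shadowing() {
    remaining=$1
    while [ -n "$remaining" ]; do
        dir=${remaining%%:*}
        # Drop the current entry; what is left is searched after it.
        case $remaining in
            *:*) remaining=${remaining#*:} ;;
            *)   remaining= ;;
        esac
        [ -d "$dir" ] || continue
        is_loosely_writable "$dir" || continue
        for f in "$dir"/*; do
            [ -f "$f" ] && [ -x "$f" ] || continue
            name=${f##*/}
            # Look for the same command name in every later PATH entry.
            old_ifs=$IFS; IFS=:
            for later in $remaining; do
                if [ -n "$later" ] && [ -f "$later/$name" ] && [ -x "$later/$name" ]; then
                    printf '%s shadows %s\n' "$f" "$later/$name"
                fi
            done
            IFS=$old_ifs
        done
    done
    return 0
}

# Audit the current search path when run directly.
audit_path_shadowing "$PATH"
```

An empty result means no loosely writable directory currently overrides a later command; it does not mean the directory permissions themselves are tight, so review group membership separately.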