Re: sudo security Was: Reporting missing package during install
Bob Proulx writes:
> Right. Because normal users can't change the system time.
Sorry, wrong. With 'folk ALL=(ALL) ALL', user folk can run as root ANY
program including 'date -s'. Or at least 'sudo bash', and then live
happy with a shell executed with the root id.
If your /etc/sudoers contains 'yourusername ALL=(ALL) ALL' try running
sudo date 20000101
and feel younger ;)
> If they
> could other attacks would also be possible.
Since they can change the date...
--
/\ ___ Ubuntu: ancient
/___/\_|_|\_|__|___Gian Uberto Lauri_____ African word
//--\| | \| | Integralista GNUslamico meaning "I can
\/ coltivatore diretto di software not install
già sistemista a tempo (altrui) perso... Debian"
Warning: gnome-config-daemon considered more dangerous than GOTO
Reply to: