
Re: SECURITY PROBLEM: autofs [all versions]



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1




On Sat, 1 Jul 2000, Thor wrote:

> huh ? and you call this an xploit ?
> 
> if you have physical access to the console and floppy drive you can always 
> start with a boot + root floppy, mount the hard disk and modify the 
> mounted /etc/passwd file ... this is an old trick, useful when you 
> lose the root password ;-)

Yes, that's correct, but there's a huge difference in an exploit that
needs a reboot (boot+root floppy) to work or one that works without
putting off any simple monitoring tools. A vi'd password file isn't checked
for every other minute... a reboot doesn't go around unnoticed...

Mark Janssen                                  Unix Consultant
Unix Support Nederland / PSInet Netherlands
E-mail: mark@markjanssen.homeip.net    GnuPG Key Id: 357D2178
http: markjanssen.homeip.net www.markjanssen.nl www.maniac.nl
Fax/VoiceMail: +31 20 8757555
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
Filter: gpg4pine 4.0 (http://azzie.robotics.net)

iD8DBQE5XbkWb6urvDV9IXgRAiMEAJ9tsNTHh/brv5jO1mbMmdiU2ndtyQCfYSEX
OGZaPO7airhlgetmJ/gqGHk=
=OBIz
-----END PGP SIGNATURE-----


