On Tue, Jun 25, 2002 at 05:16:51PM +0200, Ralf Dreibrodt wrote: > just imagine: > i login as root. > su to ralf (man su) > ralf executes any buggy programm, where someone else can insert > shellcode. > (e.g. chmod 777 /home/ralf -R; /home/ralf/myshellscript.sh) > > this shellcode is executed as user ralf, not as user root. > > there is no chance to execute the shellcode, which inserted any other > user in /home/ralf/myshellscript.sh) as root, although i logged in as > root. (if we assume that there is no bug in "su") *TECHNICALLY* every login is root. Getty runs as root and then gives up root to the authenticated user once PAM gives the okay...Does this mean the user can break back into root? If the exit their shell (Ctrl + D, or pick your choice of logout method...) then Getty immediately respawns.... Phil
Attachment:
pgphhYcF3g6cp.pgp
Description: PGP signature