* Thanasis Kinias (tkinias@asu.edu) [031201 11:03]: > BTW, if someone has compromised your system to the extent of being able > to put a trojaned passwd in /usr/local/bin, he can put it in /usr/bin, > too. Not necessarily. In order to put something in /usr/local/[s]bin, I just need to get an account with group staff. Depending on who's in that group (and how many are in that group), this may be significantly easier than getting root. vineet@quesadilla:~$ ls -l /usr/local total 32 drwxrwsr-x 2 root staff 4096 2003-11-11 02:42 bin drwxrwsr-x 2 root staff 4096 2003-11-11 02:42 games drwxrwsr-x 2 root staff 4096 2003-11-11 02:42 include drwxrwsr-x 8 root staff 4096 2003-11-26 14:51 lib drwxrwsr-x 2 root staff 4096 2003-11-11 02:42 man drwxrwsr-x 2 root staff 4096 2003-11-11 02:42 sbin drwxrwsr-x 3 root staff 4096 2003-11-11 18:10 share drwxrwsr-x 2 root staff 4096 2003-11-11 02:42 src good times, Vineet -- http://www.doorstop.net/ -- Microsoft has argued that open source is bad for business, but you have to ask, "Whose business? Theirs, or yours?" --Tim O'Reilly
Attachment:
signature.asc
Description: Digital signature