Re: where should i post securety risc code ?

To: debian-user@lists.debian.org
Subject: Re: where should i post securety risc code ?
From: Sue Kim <asueekim2@yahoo.com>
Date: Sat, 16 Dec 2006 21:08:20 -0800 (PST)
Message-id: <[🔎] 422322.60924.qm@web58106.mail.re3.yahoo.com>
In-reply-to: <[🔎] 87zm9n2nea.fsf@evinrude.uhoreg.ca>

Post the code to the list anyway. It would be interesting to see your program :).

Hubert Chan <uhoreg@debian.org> wrote:

On Sat, 16 Dec 2006 18:31:28 +0200, Jabka Atu said:

> Howdy,... I realized some securety risc about users that are by
> default are in Disc group : if user in this group he can add him self
> to user group (by manualy editing the parttion ) i had written some
> code that can demonstarte this kind of behavor.

This is already very well known. Anyone who has access to the disk
devices is de facto root, and can do much more than just adding himself
to a user group. Obviously, nobody should be added to the disk group
(or otherwise given permission to the disk devices) unless they are
entirely trusted.

> where can i send this code ?

> Regards Jabka Atu Cold Burn Team

--
Hubert Chan -- Jabber: hubert@uhoreg.ca
PGP/GnuPG key: 1024D/124B61FA http://www.uhoreg.ca/
Fingerprint: 96C5 012F 5F74 A5F7 1FF7 5291 AF29 C719 124B 61FA

--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com

Reply to:

References:
- Re: where should i post securety risc code ?
  - From: Hubert Chan <uhoreg@debian.org>

Prev by Date: Re: Why Disable Root ssh login?
Next by Date: setting up compiz on legacy video
Previous by thread: Re: where should i post securety risc code ?
Next by thread: did any one compiled and uploaded wine64 some where ?
Index(es):
- Date
- Thread