On Sat, 16 Dec 2006 18:31:28 +0200, Jabka Atusaid:
> Howdy,... I realized some securety risc about users that are by
> default are in Disc group : if user in this group he can add him self
> to user group (by manualy editing the parttion ) i had written some
> code that can demonstarte this kind of behavor.
This is already very well known. Anyone who has access to the disk
devices is de facto root, and can do much more than just adding himself
to a user group. Obviously, nobody should be added to the disk group
(or otherwise given permission to the disk devices) unless they are
entirely trusted.
> where can i send this code ?
> Regards Jabka Atu Cold Burn Team
--
Hubert Chan-- Jabber: hubert@uhoreg.ca
PGP/GnuPG key: 1024D/124B61FA http://www.uhoreg.ca/
Fingerprint: 96C5 012F 5F74 A5F7 1FF7 5291 AF29 C719 124B 61FA
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com