Re: RedHat 6.1 /and others/ PAM
From: vectro () PIPELINE COM (Ian Turner)
Date: Tue, 1 Feb 2000 11:52:04 -0800
On Mon, 31 Jan 2000, Simple Nomad wrote:
> Trying to "echo PASSWORD | su ACCOUNT" will elicit a response of
> "standard in must be a tty..." therefore the sploit would stop on the
> first word in the list as if it was the correct password. Therefore I fail
> to see the exact sploit here. I tried this on a stock RH 6.1 machine.
>
> - Simple Nomad - No rest for the Wicca'd -
> - thegnome () nmrc org - www.nmrc.org -
> - thegnome () razor bindview com - www.bindview.com -
You could create a more complicated exploit using ptty's. Basically su
checks if standard input is a tty because they don't want you using 'su'
in shell scripts. But you can still do it, it's just not as easy.
I'd contribute example code but I just woke up. :b