Bugtraq: Re: Red Hat 9: free tickets

[Carlos Villegas <villegas () math gatech edu>]

This way of attack seems useless to me. This is also used on RH 8.0
systems, and for both 8.0 and 9 systems:

drwx------    4 root     root         4096 Jun 27 08:43 /var/run/sudo

Which means that if the packages are properly built (and will make sure 
that this directory gets this permissions if it existed before the
rpm is installed), this attack will gain you nothing, since you need
to be root to exploit it. If you can get root access to make this
attack possible, then you might as well launch a shell instead.

Carlos