Bugtraq mailing list archives
Re: lightbar vulnerability
From: aaronb () MOJO CALYX NET (Aaron Bornstein)
Date: Wed, 4 Nov 1998 06:05:51 -0500
On Sun, 1 Nov 1998, Config Urator wrote:
> - How do I make sure sum1 don't use this against me?
> easy, just make sure no1 can erase or change permissions of the
> file that "guest" account will execute.

While I suppose it's somewhat against the rules of paranoia for
the program to not die upon discovering the code it's supposed to execute
is modifiable by non-privileged users, it speaks volumes for the silliness
of the security policies that would allow such a thing to happen in the
first place.

"Hey, look, I changed ownership of /etc/inetd.conf to this
unprivileged user and all of a sudden s/he got root on my machine! Must
be a hole in inetd!"

My $.02.

--
Aaron Bornstein
http://mojo.calyx.net/~aaronb/
aaronb at calyx dot net | aaronmb at mit dot edu
