[773] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] standard users,groups,perms?

daemon@ATHENA.MIT.EDU (Rogier Wolff)
Tue Jun 11 11:48:47 1996

To: gj@canarie.ca (G.J.W. Hagenaars)
Date: Tue, 11 Jun 1996 09:10:59 +0200 (METDST)
Cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <199606061719.NAA07253@tweetie.canarie.ca> from "G.J.W. Hagenaars" at Jun 6, 96 01:19:59 pm
From: R.E.Wolff@et.tudelft.nl (Rogier Wolff)
X-Return-Receipt-To: wolff@erasmus.et.tudelft.nl

> So you install and maintain sudo. That way you give specific root
> privileges to certain programs, to be invoked by certain users only. As
> an added benefit, it gives you logging too. Oh, simply getting a shell
> in someone else's name doesn't work with sudo; you still need the
> user's password to do something useful.

This makes me angry. Simply getting a shell in someone elses name
ALWAYS gets you his privileges. In the case of having to go
through sudo, you might have to install a trojan "sudo" in his 
account to do it..... But having shell access to someone's account
is "enough" to gain his privileges. 

A cracker builds up a suitable toolset and trickset to do this kind
of thing unobtrusively over time....

				Roger.

-- 
 ** Q: What's the difference between MicroSoft Windows and a virus?       **
 ** A: Apart from the fact that virusses install easier, none.            **
 ** EMail: R.E.Wolff@et.tudelft.nl * Tel +31-15-2783643 or +31-15-2137459 **
 *** <a href="http://einstein.et.tudelft.nl/~wolff/">my own homepage</a> ***

home help back first fref pref prev next nref lref last post