Bugtraq mailing list archives
Bug is sudo?
From: rhodie () NAC NET (Rhodie)
Date: Fri, 26 Jun 1998 03:25:56 +0300
I was messing arround with sudo when i found out that you can check to see if there is a file that can be exec'd by root, even if you don't have the privlages. IE: You can check to see if there is a program, in the root path, that you can't see (maybe can and its just easyer to do it this way). The normal way to use sudo is 'sudo command' and it asks you for your password, you put it in and it exec's as root, you get it wrong and it doesnt.... Try sudo <command that doesnt exist>, it says: sudo.bin: fdsa: command not found So? you say, well, you can check to see if there is something to play with that root has hidden.... Take a look at these: (rhodie@is-so) [~]$ sudo fdsa sudo.bin: fdsa: command not found (rhodie@is-so) [~]$ sudo id Password: Heh, isn't that purty? ------------------------------- Get your own rhoide too! Coming soon to stores! ---===***)))The other barefoot wanna-be-programer(((***===--- Find me on almost any major network (exept for efnet, because they suck) and visit technonet! Dark.TechnoNet.Net 6667 --------------------------------------------------------------------------
Current thread:
- ncftp 2.4.3 bug Paul Boehm (Jun 20)
- <Possible follow-ups>
- Re: ncftp 2.4.3 bug Mike Gleason (Jun 22)
- Re: ncftp 2.4.3 bug Paul Boehm (Jun 22)
- Re: ncftp 2.4.3 bug Liviu Daia (Jun 23)
- textcounter.pl SECURITY HOLE Doru Petrescu (Jun 23)
- Re: textcounter.pl SECURITY HOLE Rich Lafferty (Jun 24)
- Yipes named attack Anonymous (Jun 24)
- security hole in mailx Alvaro Martinez Echevarria (Jun 24)
- Re: security hole in mailx gold (Jun 25)
- Re: security hole in mailx Casper Dik (Jun 25)
- Bug is sudo? Rhodie (Jun 25)
- Re: Bug is sudo? Warner Losh (Jun 26)
- Re: Bug is sudo? Todd C. Miller (Jun 27)
- Re: security hole in mailx Alvaro Martinez Echevarria (Jun 25)
- Re: security hole in mailx Ben Collins (Jun 25)
- Re: security hole in mailx Theo de Raadt (Jun 25)
- guestbook script is still vulnerable under apache Stunt Pope (Jun 25)
- Re: guestbook script is still vulnerable under apache Theo Van Dinter (Jun 25)
- Re: guestbook script is still vulnerable under apache Andru Luvisi (Jun 25)
- Re: guestbook script is still vulnerable under apache Lincoln Stein (Jun 26)
- dip-3.3.7p exploit (stackpatch_ Thomas Troeger (Jun 26)