Re: Red Hat 9: free tickets

From: Stephen Samuel <samuel(at)bcgreen.com>
Date: Fri Jul 11 2003 - 14:30:12 EDT

Jon Hart wrote:
> On Sun, Jul 06, 2003 at 12:30:34PM -0700, Stephen Samuel wrote:

>> Proof of concept:

> Actually, I'm not sure this is entirely true.  Well, it is, but there is
> another important condition that must be met for this (or similar)
> attacks to work properly -- /var/run/sudo/$USER/ must exist.  This means
> that the user must have previously sudo'd at least once and
> /var/run/sudo/$USER/ will have been created.

Yep, that sounds accurate, but it just raised another point for me (not quite blazingly obvious, but an issue to remember, nonetheless):

If, as an administrator, you use the GUI password thing to access an admin function, you have to remember to remove the /var/run/sudo/$USER/* files (must be done as root) -- or else the user has (essentially) full root privileges until the file expires.

I think that redhat should allow some way (and I really think it should be the default state) for people to indicate that they do *NOT* want the system to remember that authorization.

-- 
Stephen Samuel +1(604)876-0426                samuel@bcgreen.com
http://www.bcgreen.com/~samuel/
    Powerful committed communication. Transformation touching
        the jewel within each person and bring it to life.
Received on Fri Jul 11 16:53:50 2003
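The clean-up step Stephen describes (removing the per-user files under /var/run/sudo so a cached authorization is not left behind) as a small POSIX sh script. This is an added example, not code from the original post or from Red Hat; it assumes the timestamp directory layout the thread names (/var/run/sudo/$USER/) and takes the directory from a SUDO_TS_DIR variable so it can be exercised against a constructed copy instead of the real directory.

```shell
#!/bin/sh
# Added example (not from the original post): audit and clear sudo's
# per-user timestamp entries so a cached authorization is not left behind.
# The real directory discussed in the thread is /var/run/sudo/$USER/;
# SUDO_TS_DIR (an assumption of this script) lets it run against a copy.

SUDO_TS_DIR="${SUDO_TS_DIR:-/var/run/sudo}"

# list_cached_users: print one line per user who currently has a
# timestamp directory, i.e. who has sudo'd at least once and may still
# hold a cached authorization.
list_cached_users() {
    [ -d "$SUDO_TS_DIR" ] || return 0
    for d in "$SUDO_TS_DIR"/*/; do
        [ -d "$d" ] || continue
        basename "$d"
    done
}

# clear_user_timestamps USER: remove the files under $SUDO_TS_DIR/USER/
# (the step the post says must be done as root) and print how many
# files were removed. The directory itself is left in place.
clear_user_timestamps() {
    user="$1"
    dir="$SUDO_TS_DIR/$user"
    n=0
    [ -d "$dir" ] || { echo 0; return 0; }
    for f in "$dir"/*; do
        [ -e "$f" ] || continue
        rm -f "$f"
        n=$((n + 1))
    done
    echo "$n"
}

# make_sample_ts_dir: build a constructed look-alike of /var/run/sudo in
# a temporary directory (two users, three empty timestamp files) and
# print its path. Used for offline testing only.
make_sample_ts_dir() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/alice" "$tmp/bob"
    : > "$tmp/alice/tty1"
    : > "$tmp/alice/pts0"
    : > "$tmp/bob/tty2"
    echo "$tmp"
}
```

Run as root against the real directory with, for example, `. ./sudo_ts.sh; list_cached_users` to see who still has a cached authorization, then `clear_user_timestamps alice` for each account that should not. For the invoking user's own session, sudo's `-k` option invalidates the cached timestamp without needing root.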

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:40 EDT

