bash
Matthew Miller
mattdm at mattdm.org
Wed Dec 7 13:38:32 UTC 2005
On Wed, Dec 07, 2005 at 08:12:17AM -0500, Gene Heskett wrote:
> >> >Cos' that user is only allowed to do cp mv and chmod, not anything
> >> > else.
> >> And thats enough to own the box.
> >How?
> If he can cp and mv something malicious, then chown it to a lower
> numbered user, I think he could gain root privs if he was suitably
> creative. Maybe not, but it would certainly bear watching/logging IMO.
ch*mod*, not chown. :)
--
Matthew Miller mattdm at mattdm.org <http://mattdm.org/>
Boston University Linux ------> <http://linux.bu.edu/>
More information about the users
mailing list