DragonFly users List (threaded) for 2007-03
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
[
Date Index][
Thread Index]
Re: Re: To be a new DFly commiter
On Fri, 16 Mar 2007 20:58:37 +0100, Joerg Sonnenberger wrote:
> On Fri, Mar 16, 2007 at 06:07:07PM +0100, Grzegorz B?ach wrote:
> > When you do buffer-overflow in passwd you can exec any code with root
> priviledges,
> > but with tcb you must change root password to run code with root
> priviledges,
> > and administrator will see this faster.
>
> Who said that I want to change the root password? I can easily just
> create a new user with uid 0, login remotely as that and change the
> entry back. Very little log pollution and that can be easily taken care
> of.
>
> Joerg
>
To add new user with uid 0 you must edit /etc/passwd file, which is not SGID shadow.
And I put a mistake in this, with SGID shadow you can only cds to /etc/tcb dir,
for edit user shadow file you must run code as this user or root.
____________________________________________________________________________
Domena za 90 groszy!
www.nazwa.pl
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
[
Date Index][
Thread Index]