DragonFly users List (threaded) for 2007-03
DragonFly BSD
DragonFly users List (threaded) for 2007-03
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: Re: To be a new DFly commiter


From: grzela@xxxxxxxxxxxxx
Date: Fri, 16 Mar 2007 21:37:32 +0100



On Fri, 16 Mar 2007 20:58:37 +0100, Joerg Sonnenberger wrote:

> On Fri, Mar 16, 2007 at 06:07:07PM +0100, Grzegorz B?ach wrote:
> > When you do buffer-overflow in passwd you can exec any code with root
> priviledges,
> > but with tcb you must change root password to run code with root
> priviledges,
> > and administrator will see this faster.
> 
> Who said that I want to change the root password? I can easily just
> create a new user with uid 0, login remotely as that and change the
> entry back. Very little log pollution and that can be easily taken care
> of.
> 
> Joerg
> 

To add new user with uid 0 you must edit /etc/passwd file, which is not SGID shadow.
And I put a mistake in this, with SGID shadow you can only cds to /etc/tcb dir,
for edit user shadow file you must run code as this user or root.


____________________________________________________________________________
Domena za 90 groszy! 
www.nazwa.pl



[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]