[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Local users get to play root?



2009/11/18 nodata <lsof nodata co uk>:
> Am 2009-11-18 20:20, schrieb Richard Hughes:
>>
>> 2009/11/18 Casey Dahlin<cdahlin redhat com>:
>>>
>>> By the admin's first opportunity to change the settings the box could
>>> already be rooted.
>>
>> I'm not sure how you can root a computer from installing signed
>> content by a user that already has physical access to the machine.
>
> You install software with a known buffer overflow before it is fixed and
> exploit it. More software = more chances to exploit. Bingo!

If a user logged in from a physical local console wanted to exploit
their machine, this would be the hard way to do it.

Regards,
-- 
McGill University IT Security
Konstantin Ryabitsev
Montréal, Québec


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]