[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Local users get to play root?



Am 2009-11-18 20:30, schrieb Konstantin Ryabitsev:
2009/11/18 nodata<lsof nodata co uk>:
Am 2009-11-18 20:20, schrieb Richard Hughes:

2009/11/18 Casey Dahlin<cdahlin redhat com>:

By the admin's first opportunity to change the settings the box could
already be rooted.

I'm not sure how you can root a computer from installing signed
content by a user that already has physical access to the machine.

You install software with a known buffer overflow before it is fixed and
exploit it. More software = more chances to exploit. Bingo!

If a user logged in from a physical local console wanted to exploit
their machine, this would be the hard way to do it.

If the servers are in locked racks and you require a reboot to get access to a grub prompt which is not password protected, then the outage would trip the monitoring system.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]