Date: Fri, 22 Sep 2000 09:26:54 +0700 (NOVST) From: "Yuri A. Wolf" <subs@proxy.obk.ru> To: freebsd-security@FreeBSD.org Subject: I thinked it is fixed Message-ID: <Pine.BSF.4.21.0009220852070.20938-100000@proxy.obk.ru>
next in thread | raw e-mail | index | archive | help
Greetings! May be it's not a big bug, but I think important for security, that's why I sent it here: 1. Login normally as root 2. Do the next #/usr/bin/login -f userx Now I'm non-root user 'userx'. 3. Exit back $^D # Now I'm root, right? But try to do "who", "who am i", "finger", they all say 'userx'. Althou "whoami" works correctly, shows 'root'. I'm agree absolutely that normally hacker can't be a root, but it's possible to hide himself as non-root user if he gained root access... I noted it in 3.4, but I thinked it is fixed in 4.x. Yesterday I tested it on 4.1, result was the same. I asked to test it on Linux, and they said it shows correctly at last step, ie 'root'. Please, guide me if I'm wrong. Thanks, Yuri. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0009220852070.20938-100000>