Date: Sun, 22 Jul 2007 19:54:55 +1000 From: "Paul Fraser" <pfraser@gmail.com> To: tmclaugh@sdf.lonestar.org Cc: ports@freebsd.org Subject: Re: Unusual sudo / w behaviour - 0 users? Message-ID: <f82eafcc0707220254j571255bco79fba50d44398934@mail.gmail.com> In-Reply-To: <f82eafcc0707220245v24da9f88h197b6e076cdd72f2@mail.gmail.com> References: <f82eafcc0707220245v24da9f88h197b6e076cdd72f2@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 7/22/07, Paul Fraser <pfraser@gmail.com> wrote: > Hi Tom (and ports list by CC), > > After an upgrade to sudo v1.6.9 on my 6-STABLE workstation, I've > noticed some interesting behaviour with regards to interaction between > sudo and w. Sorry to respond so shortly afterwards (especially to myself!), but I've also confirmed this behaviour on a FreeBSD 6.2-RELEASE-p6 box with sudo v1.6.9. Quite an interesting little bug with potentially dangerous implications, since a user could hide from the "real" administrator if (s)he were to compromise the box and at least temporarily escalate themselves. -- Regards, Paul Fraser // Independent Technical Consultant // Ph: +61 405 341 905 // furyc0de.net This correspondence and any related attachments are confidential. Distribution, reproduction, or release (public domain or otherwise) without the author's prior written consent is STRICTLY FORBIDDEN. Failure to distribute any of the aforementioned without this footer (intact and unmodified) is also STRICTLY FORBIDDEN. Failure to abide by these terms and conditions can result in legal action. If you have received this correspondance in error, or believe any of these terms have been breached, you are requested to contact the author immediately and take steps to destroy all copies in your possession. PGP KeyID: 0x64E635B1 Keyserver: pgp.mit.edu:11371 Key fingerprint: CDA3 0797 68B9 0EC1 D4D3 A7B9 D7D7 4924 64E6 35B1
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?f82eafcc0707220254j571255bco79fba50d44398934>