Date: Thu, 3 Apr 2003 22:17:45 -0500 From: Larry Sica <lomion@mac.com> To: Bob Bomar <bulldog@fxp.org> Cc: chat@freebsd.org Subject: Re: Offtopic Message-ID: <01758D8D-664C-11D7-AB40-000393A335A2@mac.com> In-Reply-To: <20030402230154.GA23852@peitho.fxp.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wednesday, April 2, 2003, at 06:01 PM, Bob Bomar wrote: > On Tue, Mar 18, 2003 at 01:20:27PM -0600, Fabio Miranda Hamburger > wrote: >> Hi, I have a couple of question: >> >> 1. A technique for an intruder to keep a root account was creating a >> stuid >> root shell, that is not possible on FreeBSD nowadays, Why is not >> possible? >> How a program like sudo can do that? Foe example, If i am a sudo 'full >> admin' I can do this without passwd: >> %sudo su >> # > > sudo executes the command as root, and since the systems sees su > being executed as root, you wont need that password. > Also it depends on how sudo is setup. If passwords are enabled you'd have to enter your password. --Larry
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01758D8D-664C-11D7-AB40-000393A335A2>