Date: Sat, 23 Dec 2000 22:20:24 +0300 From: Igor Robul <igor@raduga.dyndns.org> To: FreeBSD stable <freebsd-stable@FreeBSD.ORG> Subject: Re: Security problem with "script"? Message-ID: <20001223222024.A7570@linux.rainbow> In-Reply-To: <20001007031416.A1389@freebsd.mindspring.com>; from david.kanter@mindspring.com on Sat, Oct 07, 2000 at 03:14:16AM -0500 References: <20001007031416.A1389@freebsd.mindspring.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Oct 07, 2000 at 03:14:16AM -0500, David J. Kanter wrote: > I don't know if this is an issue or not, but using the script program with > sudo seems to switch the sudoer's id to root. This is not security problem. This is stupid "root" :-) "script" just starts shell. So /bin/sh is too vulnarable to this "exploit": sudo /bin/sh will give you root shell. If, of course, you are allowed start /bin/sh with sudo This was explained some month ago to other person :-) -- Igor Robul, Unix System Administrator & Programmer @ sanatorium "Raduga", Sochi, Russia http://www.brainbench.com/transcript.jsp?pid=304744 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001223222024.A7570>