From owner-freebsd-security Thu Sep 7 9: 4:36 2000 Delivered-To: freebsd-security@freebsd.org Received: from jake.akitanet.co.uk (jake.akitanet.co.uk [212.1.130.131]) by hub.freebsd.org (Postfix) with ESMTP id E935437B422 for ; Thu, 7 Sep 2000 09:04:31 -0700 (PDT) Received: from ppp-10a-93.3com.telinco.net ([212.159.146.93] helo=foo.akitanet.co.uk) by jake.akitanet.co.uk with smtp (Exim 3.13 #3) id 13X49Q-000Fgq-00; Thu, 07 Sep 2000 17:03:44 +0100 From: Paul Robinson Organization: Akita Ltd. To: "Vladimir Mencl, MK, susSED" , mike.sellenschuetter@bankofamerica.com Subject: Re: UNIX locale format string vulnerability (fwd) Date: Thu, 7 Sep 2000 17:01:54 +0100 X-Mailer: KMail [version 1.0.28] Content-Type: text/plain; charset="US-ASCII" Cc: security@freebsd.org References: In-Reply-To: MIME-Version: 1.0 Message-Id: <00090717035304.31820@foo.akitanet.co.uk> Content-Transfer-Encoding: quoted-printable Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 07 Sep 2000, Vladimir Mencl, MK, susSED wrote: =20 > What I was concerned about is, when only some very limited commands are > accessible via sudo, that these commands might be used to exploit the > locale vulnerability. Although a valid point, I'm amazed that on 99.95% of machines with sudo installed I can walk upto it and type: sudo su - And get root shell straight away.sudo /bin/sh is always a good one as wel= l. I think the education needs to start at the basic level first,because I've = yet to see anybody setup sudo correctly the first time around. =20 --=20 Paul Robinson To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message