Date: Thu, 7 Sep 2000 17:01:54 +0100
From: Paul Robinson <wigstah@akitanet.co.uk>
To: "Vladimir Mencl, MK, susSED" <mencl@nenya.ms.mff.cuni.cz>, mike.sellenschuetter@bankofamerica.com
Cc: security@freebsd.org
Subject: Re: UNIX locale format string vulnerability (fwd)
Message-ID: <00090717035304.31820@foo.akitanet.co.uk>
In-Reply-To: <Pine.GSO.4.10.10009071642410.25945-100000@nenya.ms.mff.cuni.cz>
References: <Pine.GSO.4.10.10009071642410.25945-100000@nenya.ms.mff.cuni.cz>

On Thu, 07 Sep 2000, Vladimir Mencl, MK, susSED wrote:

> What I was concerned about is, when only some very limited commands are
> accessible via sudo, that these commands might be used to exploit the
> locale vulnerability.

Although a valid point, I'm amazed that on 99.95% of machines with sudo installed I can walk up to it and type:

sudo su -

And get root shell straight away. sudo /bin/sh is always a good one as well.

I think the education needs to start at the basic level first, because I've yet to see anybody set up sudo correctly the first time around.

--
Paul Robinson
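
The condition the message describes, a sudo policy under which `sudo su -` or `sudo /bin/sh` is permitted, can be checked for mechanically. The following is an added example, not part of the original e-mail: a small Python audit of sudoers text. The function names, the `ROOT_SHELLS` list and the sample policy are assumptions constructed for illustration, and the parser covers only simple user rules and `Cmnd_Alias` definitions.

```python
import re
ROOT_SHELLS = {"su", "sh", "bash", "csh", "tcsh", "ksh", "zsh"}  # assumed list; extend per site

def logical_lines(text):
    """Yield (first_line_no, text) with comments dropped and backslash continuations joined."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()  # simplification: #include files are not followed
        start = start or n
        buf += line.rstrip("\\") + " "
        if not line.endswith("\\"):
            if buf.strip():
                yield start, buf.strip()
            buf, start = "", None

def audit_sudoers(text):
    """Return (line_no, who, command, reason) for rules that amount to full root."""
    aliases, findings = {}, []
    for n, line in logical_lines(text):
        if line.startswith("Cmnd_Alias"):
            name, cmds = line[len("Cmnd_Alias"):].split("=", 1)
            aliases[name.strip()] = [c.strip() for c in cmds.split(",")]
            continue
        m = re.match(r"(\S+)\s+\S+\s*=\s*(.*)", line)
        if not m or line.startswith(("Defaults", "User_Alias", "Host_Alias", "Runas_Alias")):
            continue
        who, spec = m.groups()
        # Drop (runas) lists and tags such as NOPASSWD: so only commands remain.
        spec = re.sub(r"\([^)]*\)|\b[A-Z_]+:\s*", "", spec)
        for item in (c.strip() for c in spec.split(",")):
            for cmd in aliases.get(item, [item]):
                prog = cmd.split()[0] if cmd else ""
                if cmd == "ALL":
                    findings.append((n, who, cmd, "any command"))
                elif not prog.startswith("!") and prog.rsplit("/", 1)[-1] in ROOT_SHELLS:
                    findings.append((n, who, cmd, "root shell"))
    return findings

# Constructed sample policy, not taken from a real host.
SAMPLE = r"""
Cmnd_Alias SHELLS = /bin/sh, /bin/csh
Cmnd_Alias WEB = /usr/local/sbin/apachectl restart, \
                 /usr/local/sbin/apachectl graceful
alice   ALL = (ALL) ALL
bob     ALL = /usr/bin/su -
carol   ALL = NOPASSWD: SHELLS
dave    ALL = (root) WEB
"""
if __name__ == "__main__":
    for finding in audit_sudoers(SAMPLE):
        print("line %d: %s may run %r (%s)" % finding)
```

A rule of the form `ALL, !/bin/sh` is still reported as "any command", because a negated entry does not stop a shell from being reached by another path.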