From: Carlos Villegas (villegasmath.gatech.edu)
Date: Wed Jul 02 2003 - 16:07:29 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This way of attack seems useless to me. This is also used on RH 8.0
systems, and for both 8.0 and 9 systems:

drwx------ 4 root root 4096 Jun 27 08:43 /var/run/sudo

Which means that if the packages are properly built (and will make sure
that this directory gets this permissions if it existed before the
rpm is installed), this attack will gain you nothing, since you need
to be root to exploit it. If you can get root access to make this
attack possible, then you might as well launch a shell instead.

Carlos

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]