sudo security concerns ?

Fri Nov 26 08:16:33 CST 2004

On Fri, Nov 26, 2004 at 02:21:19PM +0100, Eric Feliksik wrote:
> That's interesting. But how can a program become root if sudo requires a
> user's password, other than sniffing keystrokes for that users' password?

Wait for a root shell to be opened inside a terminal running as that
user, and inject commands into it. (There are plenty of other less
obvious ways.)

-- 
Colin Watson                                    [cjwatson at canonical.com]