Ubuntu security hole? (not super major, but wondering if it is an issue to report)
Cybe R. Wizard
cybe_r_wizard at earthlink.net
Tue May 9 04:33:22 UTC 2006
On Tue, 09 May 2006 11:04:18 +0700
Chanchao <custom at freenet.de> wrote:
> HOWEVER, at this point it put me straight into a root shell!
> 'root at ubuntu #' So it did not prompt for a root password (obviously,
> as there is none) but it also did not prompt for my own password. Of
> course it wouldn't know which username in the sudoers list to pick (in
> my case there's only one), but the result was that the system opened
> itself up with complete root access to whoever was sitting at the
> keyboard.
As ever, if a black hat has physical access to the machine all security
bets are off.
Cybe R. Wizard
--
Press 'START' to stop
Winduhs
More information about the ubuntu-users
mailing list