[Off Topic] Re: Linux security
Florian Diesch
diesch at spamfence.net
Fri May 19 23:45:18 UTC 2006
Jim Richardson <warlock at eskimo.com> wrote:
> On Sat, 2006-05-06 at 00:40 +0200, Florian Diesch wrote:
>> Jim Richardson <warlock at eskimo.com> wrote:
>>
>> > second, at least. So how would someone running as a normal user (which
>> > was the question I asked) infect their machine so badly to require a
>> > rebuild?
>>
>> On Ubuntu it's quite easy to modify some config files so you get a root
>> shell next time the user uses a program in the admin-menu.
>>
> how do you do that *without* becoming admin via su or sudo? Which is the
> whole question being asked.
Make sure something like
while echo|sudo -S something_evil; do
sleep 5
is executed at startup at the same virtual console as the window manager
(e.g. by adding it to Gnome autostart) and something_evil will be
executed as root next time the user uses a program in the admin-menu
that needs root privileges.
Florian
--
<http://www.florian-diesch.de/>
More information about the ubuntu-users
mailing list