[Off Topic] Re: Linux security

Florian Diesch diesch at spamfence.net
Fri May 19 23:45:18 UTC 2006


Jim Richardson <warlock at eskimo.com> wrote:

> On Sat, 2006-05-06 at 00:40 +0200, Florian Diesch wrote:
>> Jim Richardson <warlock at eskimo.com> wrote:
>> 
>> > second, at least. So how would someone running as a normal user (which
>> > was the question I asked) infect their machine so badly to require a
>> > rebuild? 
>> 
>> On Ubuntu it's quite easy to modify some config files so you get a root
>> shell next time the user uses a program in the admin-menu.
>>
> how do you do that *without* becoming admin via su or sudo? Which is the
> whole question being asked. 

Make sure something like

  while echo|sudo -S something_evil; do
    sleep 5

is executed at startup at the same virtual console as the window manager
(e.g. by adding it to Gnome autostart) and  something_evil will be
executed as root next time the user uses a program in the admin-menu
that needs root privileges.



   Florian
-- 
<http://www.florian-diesch.de/>




More information about the ubuntu-users mailing list