On 09:43, mercoledė 28 aprile 2004, Michael Messner wrote: > > ssh passwords... yes you can BUT ssh is for SECURE shell, > > typing a pw is one of those SECURE things. > > yes, I know, but in normal case the user has not enough rights to make > some bad things and we need an auto-login for this user
He misses the right for execute a his own statically compiled program ?? uhmm... I think you can't easly accomplish this... I can always try to download a staticaly linked binary and then execute it ... do_brk() exploit may give you an example of how it's simple for an attacker gain root privileges from local, if you can't establish the user identity you'll give such an opportunity to everyone. -- <?php echo ' Emiliano `AlberT` Gabrielli '."\n". ' E-Mail: AlberT_AT_SuperAlberT_it '."\n". ' Web: http://SuperAlberT.it '."\n". ' IRC: #php,#AES azzurra.com '."\n".'ICQ: 158591185'; ?> ------------------------------------------------------- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id149&alloc_id66&op=click _____________________________________________________________________ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net