Hi,
You probably don't take into account the chown() that happens in lightdm.
Just unlink the created ~/.dmrc or ~/.Xauthority files after creation and make
a symlink to /etc/passwd to chown it to yourself.
However I didn't dig deep enough into it to write an exploit as I don't have
a working light
On Fri., 2011-08-26 at 10:43 +0200, Sebastian Krahmer wrote:
> Hi,
>
> You probably don't take into account the chown() that happens in lightdm.
> Just unlink the created ~/.dmrc or ~/.Xauthority files after creation and
> make a symlink to /etc/passwd to chown it to yourself.
The chown will be
On Wed., 2011-08-24 at 20:55 +0200, Yves-Alexis Perez wrote:
> And, out of curiosity, how would you achieve privilege escalation? You
> should be able to erase/rewrite arbitrary files, including /etc/shadow,
> but you don't really have control on what's written there.
In gdm (CVE-2011-0727 I gues