it has set the CWD of itself to a known-safe location that
should have permissions which are only open to the redis daemon / redis user
and not to other users or processes.
Thanks,
Matthew Hall
___
Full-Disclosure - We believe in it.
Charter: http
gmaggro wrote:
..it would be a nice touch if everyone sent a few dollars to the
projects or authors of the security tools they use. I have donated a bit
already to some of my favourites, but I'm only one person. Alot of folks
have worked hard to bring us some good shit, let's give a little
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Danny wrote:
Has anyone had a go with/against the Asus Eee PC?
Yes. Open the file browser and get a terminal (/usr/bin/konsole will
do). Then just 'sudo su -' and you're root!
Every user gets ALL=(ALL) NOPASSWD: ALL in sudoers, so not much of a
Severity:High - Full system compromise possible
Date:04 August 2006
Discovered by: Matthew Hall ([EMAIL PROTECTED]) (Credits for original
discovery to Greg Sinclair)
Discovered on: 03 Aug 2006
Summary:
Lack of input sanitisation in the Linux based