On Thu, 2002-03-28 at 22:14, Bailey Kong wrote: > the current work around i got was to chattr +i /etc/passwd > > that makes it so /etc/passwd can't be modified, if and when you need to add > a user you can simply do chattr -i /etc/passwd
that's absolutely pointless under linux. the exploit allows you to execute arbitrary code as root. making the passwd file immutable only adds one more step: ln -s $SCRIPTDIR'`chattr =i /etc/passwd; cd etc;chmod 666 passwd #`' /tmp/logwatch.$2/cron etc. in *BSD you have to drop the security level to 0 or below to change an immutable flag, which (usually) drops you out of multiuser mode, so that it's difficult (although not impossible) for a remote user make the change. so a console user could use this exploit, although usually having console access means you can get root anyway (boot in single user mode, use a boot disk/cd and mount the drive from a different os, steal the hd and mount it elsewhere, etc). -jon -- [EMAIL PROTECTED] || www.divisionbyzero.com gpg key: www.divisionbyzero.com/pubkey.asc think i have a virus?: www.divisionbyzero.com/pgp.html "You are in a twisty little maze of Sendmail rules, all confusing."
signature.asc
Description: This is a digitally signed message part
