also sprach Adam Warner [EMAIL PROTECTED] [2002.01.22.0511 +0100]:
I realise now that I have witnessed this kind of issue before (In some
circumstances, it's possible for a non-privileged process to have `root'
as the login name returned by getlogin.)
okay, and that does it for me. can you
On Tuesday, 2002-01-22 at 01:11:18 +0100, Christian Jaeger wrote:
(BTW a somewhat similar problem (but not debian specific) exists with
the perl CPAN module build process: -MCPAN is designed to work as
root. It downloads the tarball, extracts it (with the user/group that
the author packed
On Tue, 2002-01-22 at 23:31, martin f krafft wrote:
also sprach Adam Warner [EMAIL PROTECTED] [2002.01.22.0511 +0100]:
I realise now that I have witnessed this kind of issue before (In some
circumstances, it's possible for a non-privileged process to have `root'
as the login name returned
Adam Warner [EMAIL PROTECTED] wrote on 22/01/2002 (10:00) :
Here's how you can reproduce it (running Debian unstable):
1. Log in as root
2. su - user
if you here write whoami instead of starting X what does it say?
Preben
--
() Join the worldwide campaign to protect fundamental human
On Tue, Jan 22, 2002 at 01:59:44AM +0100, Christian Jaeger wrote:
I just wanted to point it out here, since I wasn't sure whether I
should file a bug report against fakeroot for writing suid through,
I consider it a bug; it's introducing a third permissions+ownership
state that was requested
On Wed, 2002-01-23 at 00:35, Preben Randhol wrote:
Adam Warner [EMAIL PROTECTED] wrote on 22/01/2002 (10:00) :
Here's how you can reproduce it (running Debian unstable):
1. Log in as root
2. su - user
if you here write whoami instead of starting X what does it say?
As expected, the
On Tue, Jan 22, 2002 at 11:42:49AM +, Colin Phipps wrote:
On Tue, Jan 22, 2002 at 01:59:44AM +0100, Christian Jaeger wrote:
I just wanted to point it out here, since I wasn't sure whether I
should file a bug report against fakeroot for writing suid through,
I consider it a bug; it's
Adam Warner [EMAIL PROTECTED] writes:
1. Log in as root
2. su - user
Does su - write a new utmp entry? I don't think so.
--
Florian Weimer[EMAIL PROTECTED]
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT
Florian Weimer wrote:
Adam Warner [EMAIL PROTECTED] writes:
1. Log in as root
2. su - user
Does su - write a new utmp entry? I don't think so.
NO - unfortunately not
But an entry in your log-messages exists - but - of course that depends on your
personal config...
Greetz
Christoph
At 5:11 PM +1300 1/22/02, Adam Warner wrote:
1. Log in as root
2. su - user
3. startx (running KDE, not GNOME)
4. Click on the Control Center
5. There in the Control Center info box it will state that the user is
root!
Why does the KDE Control Center think the user is currently root? In
contrast
Hi,
Kevin van Haaren wrote:
if I:
ssh in as a user account
su root
have a look at this:
ralf@debian:~$ su
Password:
debian:/home/ralf# set | grep LOGNAME
LOGNAME=ralf
debian:/home/ralf# exit
ralf@debian:~$ su -
Password:
debian:~# set | grep LOGNAME
LOGNAME=root
su != su -
what about
I wrote this about using junkbuster on a testing machine.
When I
try to access a page that is not on my machine, I get the message 'No
such domain: www.google.com' (for example). However, when I
try http://216.239.37.101 (google's ip), I did get the page and I was
able to search and click
On Tue, Jan 22, 2002 at 05:11:45PM +1300, Adam Warner wrote:
Why does the KDE Control Center think the user is currently root? In
contrast the GNOME Control Center properly identifies the username.
Perhaps KDE uses getlogin(2) ?
--
Leo Howell M5AKW
also sprach Adam Warner [EMAIL PROTECTED] [2002.01.22.0511 +0100]:
I realise now that I have witnessed this kind of issue before (In some
circumstances, it's possible for a non-privileged process to have `root'
as the login name returned by getlogin.)
okay, and that does it for me. can you try
On Tuesday, 2002-01-22 at 01:11:18 +0100, Christian Jaeger wrote:
(BTW a somewhat similar problem (but not debian specific) exists with
the perl CPAN module build process: -MCPAN is designed to work as
root. It downloads the tarball, extracts it (with the user/group that
the author packed
On Tue, 2002-01-22 at 23:31, martin f krafft wrote:
also sprach Adam Warner [EMAIL PROTECTED] [2002.01.22.0511 +0100]:
I realise now that I have witnessed this kind of issue before (In some
circumstances, it's possible for a non-privileged process to have `root'
as the login name returned
Adam Warner [EMAIL PROTECTED] wrote on 22/01/2002 (10:00) :
Here's how you can reproduce it (running Debian unstable):
1. Log in as root
2. su - user
if you here write whoami instead of starting X what does it say?
Preben
--
() Join the worldwide campaign to protect fundamental human
On Tue, Jan 22, 2002 at 01:59:44AM +0100, Christian Jaeger wrote:
I just wanted to point it out here, since I wasn't sure whether I
should file a bug report against fakeroot for writing suid through,
I consider it a bug; it's introducing a third permissions+ownership
state that was requested
On Wed, 2002-01-23 at 00:35, Preben Randhol wrote:
Adam Warner [EMAIL PROTECTED] wrote on 22/01/2002 (10:00) :
Here's how you can reproduce it (running Debian unstable):
1. Log in as root
2. su - user
if you here write whoami instead of starting X what does it say?
As expected, the
Hi,
Kevin van Haaren wrote:
if I:
ssh in as a user account
su root
have a look at this:
[EMAIL PROTECTED]:~$ su
Password:
debian:/home/ralf# set | grep LOGNAME
LOGNAME=ralf
debian:/home/ralf# exit
[EMAIL PROTECTED]:~$ su -
Password:
debian:~# set | grep LOGNAME
LOGNAME=root
su != su -
I wrote this about using junkbuster on a testing machine.
When I
try to access a page that is not on my machine, I get the message 'No
such domain: www.google.com' (for example). However, when I
try http://216.239.37.101 (google's ip), I did get the page and I was
able to search and click
On Mon, 2002-01-21 at 10:36, [EMAIL PROTECTED] wrote:
Are ftp anonymous scans illegal?
Most likely not, but, as others have stated consult a lawyer for the
nitty gritty details.
if it is, can i get an license to do penetrations test?
You could just ask, can't you? I have done so on several
Andrew Suffield wrote:
On Tue, Jan 22, 2002 at 11:42:49AM +, Colin Phipps wrote:
On Tue, Jan 22, 2002 at 01:59:44AM +0100, Christian Jaeger wrote:
I just wanted to point it out here, since I wasn't sure whether I
should file a bug report against fakeroot for writing suid through,
23 matches
Mail list logo