Also sudo vi, :!bash. That's why you need to be aware of what sudo access you're granting - it's more useful as a tool for keeping audit logs - together with remote syslogging - for well-meaning administrators than it is at stopping people from getting root.
cheers, Jamie 2011/1/18 我是王子 <[email protected]>: > hello, > > I found a bug, > > run [sudo strace su] command can get root privileges without any password. > > bill > > ------------------ Original ------------------ > From: "Steve Beattie"<[email protected]>; > Date: Thu, Jan 13, 2011 08:01 PM > To: "ubuntu-security-announce"<[email protected]>; > Cc: "full-disclosure"<[email protected]>; > "bugtraq"<[email protected]>; > Subject: [USN-1042-2] PHP5 regression > > -- > ubuntu-security-announce mailing list > [email protected] > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- Jamie Riden / [email protected] / [email protected] http://uk.linkedin.com/in/jamieriden / Mobile: 07545 502 598 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
