In a message dated: Thu, 22 Jun 2000 13:41:01 EDT
Bob Bell said:
>On Thu, Jun 22, 2000 at 01:28:03PM -0400, Paul Lussier <[EMAIL PROTECTED]> wrote
>:
>> No, but you could su to pll, then use yppasswd to change my password and
>> thereby gain access to my sudo priviledges, which most likely give you any
>> access you need on any machine at all. All this would be mostly impossible
>if
>> root access weren't compromised in the first place.
>
> I'm still curious how being root on my machine can lead to getting
>access to another users files on their machine or a common server. On
>Tru64, at least, yppasswd asks for the old NIS password. Wouldn't
>this prevent me from gaining access unless I actuall know the current
>password?
Does it ask you for the old NIS passwd if you:
bell@foo> su
root@foo> yppasswd pll
?
Linux only asks you for the root password, which you already know, it does not
ask you for the users old passwd. Solaris doesn't even ask you for that,
since it knows you're root, you must be okay :)
--
Seeya,
Paul
----
"I always explain our company via interpretive dance.
I meet lots of interesting people that way."
Niall Kavanagh, 10 April, 2000
If you're not having fun, you're not doing it right!
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
