Well folks, I'd like to share some knowledge if it helps you. First of all,
let me declare that I won't tell you the exact file name and distros.
Please don't take it otherwise.
First of all, getting into Linux single user mode and changing the root
password is NOT an intelligent trick. It was there, it is there and it
will be there. This is a safety valve for forgetful admins who may
forget his/her root password. And the second thing is that in a live
environment it is not possible for a user to enter a server room
(because rooms are generally locked with magnetic access cards, so that
only valid users can enter) and reboot a system into single user mode
to change the root password. It is silly. Only a moron will think of
doing it. Shutting down a live system for just a few minutes will cost
millions of $s. So in general servers are kept inside a rack which
again has a digital combination lock. I'm telling all this considering
a moron has got access to a server room to reboot a system.
Anyway, a cracker doesn't even need to enter a server room if he/she
has console access. A cracker can execute any command which he/she
doesn't have permission to execute using several local exploits. I'm
giving an example for which the cracker doesn't need to write any
program; he/she needs to call only one *.so file. Using the
/lib/ld-2.*.so file a cracker can execute any command. Suppose the
following is an environment:
The cracker does NOT have root privileges on this account:
[00:59:[EMAIL PROTECTED]:~]:$id
uid=1000(cracker) gid=10(wheel) groups=10(wheel),16(trust)
But when a cracker tries to run it with /lib/ld-2.*.so:
[EMAIL PROTECTED] cracker]$ /lib/ld-2.*.so <binary name>
he/she can run it easily. The most interesting part of this
vulnerability is running binaries on partitions mounted with
noexec.
And this is not a very old problem.
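
A defender-side check for the direct-loader invocation described in the post, as an added example that is not part of the original message: it scans auditd SYSCALL/EXECVE records for processes whose executable is the dynamic loader and reports whether the target binary sits on a noexec mount. The sample records, the mount table and the function names are constructed for illustration, and it assumes an audit rule already logs execve.

```python
import re

# Constructed, trimmed sample records in auditd's SYSCALL/EXECVE layout (not from the post).
SAMPLE_AUDIT = '''\
type=SYSCALL msg=audit(1700000000.101:501): syscall=59 success=yes uid=1000 exe="/lib/ld-2.31.so"
type=EXECVE msg=audit(1700000000.101:501): argc=2 a0="/lib/ld-2.31.so" a1="/tmp/tool"
type=SYSCALL msg=audit(1700000000.202:502): syscall=59 success=yes uid=1000 exe="/usr/bin/ls"
type=EXECVE msg=audit(1700000000.202:502): argc=2 a0="ls" a1="/tmp"
type=SYSCALL msg=audit(1700000000.303:503): syscall=59 success=yes uid=0 exe="/lib64/ld-linux-x86-64.so.2"
type=EXECVE msg=audit(1700000000.303:503): argc=2 a0="/lib64/ld-linux-x86-64.so.2" a1="/usr/bin/id"
'''
# Constructed /proc/mounts excerpt: /tmp carries the noexec option.
SAMPLE_MOUNTS = '''\
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
'''
LOADER = re.compile(r"/ld-(?:linux[^/]*\.so\.\d+|\d[\d.]*\.so)$")
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
EVENT = re.compile(r"msg=audit\([\d.]+:(\d+)\)")

def mount_for(path, mounts_text):
    """Return (mount_point, options) for the longest mount prefix covering path."""
    best = ("", set())
    for fields in map(str.split, mounts_text.splitlines()):
        if len(fields) < 4:
            continue
        mp = fields[1]
        if (path + "/").startswith(mp.rstrip("/") + "/") and len(mp) > len(best[0]):
            best = (mp, set(fields[3].split(",")))
    return best

def find_loader_execs(audit_text, mounts_text):
    """List execve events whose image is ld.so, with the binary it was asked to load."""
    events = {}
    for line in audit_text.splitlines():
        m = EVENT.search(line)
        if m:  # group SYSCALL and EXECVE records that share one event id
            rec = {k: q or u for k, q, u in KV.findall(line)}
            events.setdefault(m.group(1), {})[rec.get("type")] = rec
    hits = []
    for eid, recs in events.items():
        sc, ex = recs.get("SYSCALL", {}), recs.get("EXECVE", {})
        if not LOADER.search(sc.get("exe", "")):  # exe is kernel-resolved; a0 is caller-chosen
            continue
        args = [ex.get(f"a{i}", "") for i in range(1, int(ex.get("argc", 1)))]
        # Simplification: first non-option argument; absolute, non-hex-encoded paths only.
        target = next((a for a in args if a and not a.startswith("-")), "")
        noexec = bool(target) and "noexec" in mount_for(target, mounts_text)[1]
        hits.append({"event": eid, "uid": sc.get("uid"), "target": target, "noexec": noexec})
    return hits
```

Events where `noexec` is true are the ones worth alerting on; loader invocations against ordinary system paths also occur legitimately.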