On Tue, May 23, 2006 at 06:42:08PM +0800, eric draven wrote: > On 5/23/06, Zak B. Elep <[EMAIL PROTECTED]> wrote: > > > >On 5/23/06, Norbert P. Copones <[EMAIL PROTECTED]> wrote: > >> we all know that sudo is setuid 0 ;-) it means a bug in sudo will not > >> surely put them in nowhere-land. but in fact, can possibly give them the > >> power to escape out of the chroot. if you're uid 0, chroot or not, the > >> possibilities are vast :-) > > > >True enough, but `sudo' is only as powerful enough as the chroot > >allows it to, uid 0 or not. Fortunately for us, we don't get too many > >bugs on sudo very very often... > > not too many bugs? * shivers *
A local exploit for sudo is the golden ticket. Bugs in it will be found quickly. Michael -- Michael Darrin Chaney [EMAIL PROTECTED] http://www.michaelchaney.com/ _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List [email protected] (#PLUG @ irc.free.net.ph) Read the Guidelines: http://linux.org.ph/lists Searchable Archives: http://archives.free.net.ph
