You know I didn't put that much thought into it, but I think I guess it counts as a semi-vulnerability for any OS that has a sudo'rs group. It's also not ubuntu, it's just an old gentoo box, I dragged out of the garage. AFAIK ubuntu has no root account, so the "hack" would be essentially pointless.
This isn't really supposed to be a vulnerability report, I'm just posting a quick FYI on how I just rooted my own box, in case anyone else ever runs into a similar need :) Anyways try it on your own box and see if it works. On 4/14/07, Michael Torrie <[EMAIL PROTECTED]> wrote:
On Sat, 2007-04-14 at 23:35 -0600, Steve wrote: > Hey there everyone, > I don't know if this is useful or not, but I just fired up an old > linux box that I had forgotten the root password for. > Fortunately I was able to remember my user password. > Once I logged in I tried to su, but that failed because I couldn't > remember the root password (duh!), so I tried to sudo but that failed > as well. Hmm. Is this an ubuntu-specific vulnerability/hack? What exactly does this doe? Are you implying anyone can get local root? > > Finally out of desperation I tried this, > > touch ~/.sudo_as_admin_successful > sudo /bin/bash > su root > passwd "mynewpassword" > > And it worked! > > I don't think there is much danger in this, but if you ever lose your > root passwd for whatever reason it's nice to know that this neat > little trick appears to work (well at least for me) > > Regards, > > /* > PLUG: http://plug.org, #utah on irc.freenode.net > Unsubscribe: http://plug.org/mailman/options/plug > Don't fear the penguin. > */ > /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
/* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
