> You know I didn't put that much thought into it, but I think I guess > it counts as a semi-vulnerability for any OS that has a sudo'rs group. > It's also not ubuntu, it's just an old gentoo box, I dragged out of the > garage. > AFAIK ubuntu has no root account, so the "hack" would be essentially > pointless.
Last time I used it, it had a root user, but login was disabled. > > This isn't really supposed to be a vulnerability report, I'm just > posting a quick FYI on how I just rooted my own box, in case anyone > else ever runs into a similar need :) > > Anyways try it on your own box and see if it works. > I believe any distro that has sudo and a user in the sudoers file with ALL access, you can just: sudo su - or even: sudo -s and then you're logged in as root and you can run passwd, etc. And I think it's pretty common on distro's like Ubuntu and Knoppix where you can't login as root to do that to get a root shell. /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
