I do not have a working example yet but I believe that privileges can
also be escalated with the following method.
The problem is the following command in do_dump_data
echo do_jitconv $SESSION_DIR/opd_pipe
SESSION_DIR can be controlled by the --session-dir option so a malicious
user could
I just found 2 more ways to execute arbitrary commands via sudo opcontrol
# Method 1 ##
The problem is in the functions do_save_setup() where multiple values
are saved in the shell script /root/.oprofile/daemonrc.
That file is sourced in do_load_setup() by
Package: oprofile
Version: 0.9.6-1.1
I found a way to execute arbitrary commands when using opcontrol via
sudo. I realize that sudoing shell scripts is a bad idea (the oprofile
FAQ discourages the use of sudo) but sudo is nevertheless a common
advice on internet to provide oprofile to a user
I believe that I have a workaround.
The problem appears to be related to an NFS problem on the 2.6.24 kernel
when ssh calls xauth.
Upgrading the kernel may help.
If you can't upgrade then the trick is to use a different .Xauthority
file on each server.
That can be done from the client side as
4 matches
Mail list logo