Hi,
Kevin van Haaren wrote:
>
> if I:
> ssh in as a user account
> su root
have a look at this:
[EMAIL PROTECTED]:~$ su
Password:
debian:/home/ralf# set | grep LOGNAME
LOGNAME=ralf
debian:/home/ralf# exit
[EMAIL PROTECTED]:~$ su -
Password:
debian:~# set | grep LOGNAME
LOGNAME=root
"su" !=
At 5:11 PM +1300 1/22/02, Adam Warner wrote:
1. Log in as root
2. su - user
3. startx (running KDE, not GNOME)
4. Click on the Control Center
5. There in the Control Center info box it will state that the user is
root!
Why does the KDE Control Center think the user is currently root? In
contrast
Florian Weimer wrote:
> Adam Warner <[EMAIL PROTECTED]> writes:
>
> > 1. Log in as root
> > 2. su - user
>
> Does "su -" write a new utmp entry? I don't think so.
NO - unfortunately not
But an entry in your log-messages exists - but - of course that depends on your
personal config...
Greetz
Adam Warner <[EMAIL PROTECTED]> writes:
> 1. Log in as root
> 2. su - user
Does "su -" write a new utmp entry? I don't think so.
--
Florian Weimer[EMAIL PROTECTED]
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT +4
Hi,
Kevin van Haaren wrote:
>
> if I:
> ssh in as a user account
> su root
have a look at this:
ralf@debian:~$ su
Password:
debian:/home/ralf# set | grep LOGNAME
LOGNAME=ralf
debian:/home/ralf# exit
ralf@debian:~$ su -
Password:
debian:~# set | grep LOGNAME
LOGNAME=root
"su" != "su -"
wha
At 5:11 PM +1300 1/22/02, Adam Warner wrote:
>1. Log in as root
>2. su - user
>3. startx (running KDE, not GNOME)
>4. Click on the Control Center
>5. There in the Control Center info box it will state that the user is
>root!
>
>Why does the KDE Control Center think the user is currently root? In
>
Florian Weimer wrote:
> Adam Warner <[EMAIL PROTECTED]> writes:
>
> > 1. Log in as root
> > 2. su - user
>
> Does "su -" write a new utmp entry? I don't think so.
NO - unfortunately not
But an entry in your log-messages exists - but - of course that depends on your
personal config...
Greet
Adam Warner <[EMAIL PROTECTED]> writes:
> 1. Log in as root
> 2. su - user
Does "su -" write a new utmp entry? I don't think so.
--
Florian Weimer[EMAIL PROTECTED]
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT +
On Wed, 2002-01-23 at 00:35, Preben Randhol wrote:
> Adam Warner <[EMAIL PROTECTED]> wrote on 22/01/2002 (10:00) :
> > Here's how you can reproduce it (running Debian unstable):
> >
> > 1. Log in as root
> > 2. su - user
>
> if you here write whoami instead of starting X what does it say?
As exp
Adam Warner <[EMAIL PROTECTED]> wrote on 22/01/2002 (10:00) :
> Here's how you can reproduce it (running Debian unstable):
>
> 1. Log in as root
> 2. su - user
if you here write whoami instead of starting X what does it say?
Preben
--
() Join the worldwide campaign to protect fundamental hum
On Tue, 2002-01-22 at 23:31, martin f krafft wrote:
> also sprach Adam Warner <[EMAIL PROTECTED]> [2002.01.22.0511 +0100]:
> > I realise now that I have witnessed this kind of issue before ("In some
> > circumstances, it's possible for a non-privileged process to have `root'
> > as the login name r
also sprach Adam Warner <[EMAIL PROTECTED]> [2002.01.22.0511 +0100]:
> I realise now that I have witnessed this kind of issue before ("In some
> circumstances, it's possible for a non-privileged process to have `root'
> as the login name returned by getlogin.")
okay, and that does it for me. can y
On Wed, 2002-01-23 at 00:35, Preben Randhol wrote:
> Adam Warner <[EMAIL PROTECTED]> wrote on 22/01/2002 (10:00) :
> > Here's how you can reproduce it (running Debian unstable):
> >
> > 1. Log in as root
> > 2. su - user
>
> if you here write whoami instead of starting X what does it say?
As ex
Adam Warner <[EMAIL PROTECTED]> wrote on 22/01/2002 (10:00) :
> Here's how you can reproduce it (running Debian unstable):
>
> 1. Log in as root
> 2. su - user
if you here write whoami instead of starting X what does it say?
Preben
--
() Join the worldwide campaign to protect fundamental hu
On Tue, 2002-01-22 at 23:31, martin f krafft wrote:
> also sprach Adam Warner <[EMAIL PROTECTED]> [2002.01.22.0511 +0100]:
> > I realise now that I have witnessed this kind of issue before ("In some
> > circumstances, it's possible for a non-privileged process to have `root'
> > as the login name
also sprach Adam Warner <[EMAIL PROTECTED]> [2002.01.22.0511 +0100]:
> I realise now that I have witnessed this kind of issue before ("In some
> circumstances, it's possible for a non-privileged process to have `root'
> as the login name returned by getlogin.")
okay, and that does it for me. can
On Tue, Jan 22, 2002 at 05:11:45PM +1300, Adam Warner wrote:
> Why does the KDE Control Center think the user is currently root? In
> contrast the GNOME Control Center properly identifies the username.
Perhaps KDE uses getlogin(2) ?
--
Leo Howell M5AKW
On Tue, Jan 22, 2002 at 05:11:45PM +1300, Adam Warner wrote:
> Why does the KDE Control Center think the user is currently root? In
> contrast the GNOME Control Center properly identifies the username.
Perhaps KDE uses getlogin(2) ?
--
Leo Howell M5AKW
On Tue, 2002-01-22 at 05:26, martin f krafft wrote:
> this is a proof-of-concept post. it's a FreeBSD exploit, thus it may or
> may not have been, be, or will be applicable to Debian Linux or Linux in
> general. you have been warned. properly.
>
> http://www.aerasec.de/security/index.html?id=ae-20
On Tue, 2002-01-22 at 05:26, martin f krafft wrote:
> this is a proof-of-concept post. it's a FreeBSD exploit, thus it may or
> may not have been, be, or will be applicable to Debian Linux or Linux in
> general. you have been warned. properly.
>
> http://www.aerasec.de/security/index.html?id=ae-2
20 matches
Mail list logo
