> Hey there, > > Ok just hold on: > > What would be the advantages of exploiting something which would spawn the "slocate" group privileges? Maybe browsing users' directories? No root yet... [seifried@vomit seifried]$ ls -l /usr/bin/slocate -rwxr-sr-x 1 root slocate 25020 Jun 25 2001 /usr/bin/slocate I am group slocate. I can write to slocate binary. root runs slocate (well, locate, which is a link to slocate). I think that might be a problem. > -- mips Kurt Seifried, kurtat_private A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://seifried.org/security/ http://www.idefense.com/digest.html
This archive was generated by hypermail 2b30 : Sat Feb 16 2002 - 09:04:12 PST