On Friday, March 24 at 07:05 PM, quoth Dave Korn:
Here is a simple hack to break sudo and su to get free root. Add this to ~/.bashrc and fill in the following blanks:* ~/.root_kit/rk_su Your hacked su to give root on su --now-dammit * ~/.root_kit/silent_install_root_kit Your script to silently install rk_su over /bin/su and add SUID to it.So, in other words, all you need in order to get root access is a rootkit, your shell script, and root access? Ummm... I don't get it.
More precisely, if I have access to your bashrc and you have access to sudo, I can give myself permanent root access (I don’t need to know your password).
~Kyle --Well, I've wrestled with reality for over thirty five years, doctor, and I'm happy to state I finally won out over it.
-- Jimmy Stewart, in "Harvey"
Attachment:
pgpnuK3O1gW9O.pgp
Description: PGP signature