Potential Hack in sudo?

Steve smorrey at gmail.com
Sat Apr 14 23:35:55 MDT 2007


Hey there everyone,
I don't know if this is useful or not, but I just fired up an old
linux box that I had forgotten the root password for.
Fortunately I was able to remember my user password.
Once I logged in I tried to su, but that failed because I couldn't
remember the root password (duh!), so I tried to sudo but that failed
as well.

Finally out of desperation I tried this,

touch ~/.sudo_as_admin_successful
sudo /bin/bash
su root
passwd "mynewpassword"

And it worked!

I don't think there is much danger in this, but if you ever lose your
root passwd for whatever reason it's nice to know that this neat
little trick appears to work (well at least for me)

Regards,



More information about the PLUG mailing list