Potential Hack in sudo?
torriem at chem.byu.edu
Sat Apr 14 23:46:45 MDT 2007
On Sat, 2007-04-14 at 23:35 -0600, Steve wrote:
> Hey there everyone,
> I don't know if this is useful or not, but I just fired up an old
> linux box that I had forgotten the root password for.
> Fortunately I was able to remember my user password.
> Once I logged in I tried to su, but that failed because I couldn't
> remember the root password (duh!), so I tried to sudo but that failed
> as well.
Hmm. Is this an ubuntu-specific vulnerability/hack? What exactly does
this doe? Are you implying anyone can get local root?
> Finally out of desperation I tried this,
> touch ~/.sudo_as_admin_successful
> sudo /bin/bash
> su root
> passwd "mynewpassword"
> And it worked!
> I don't think there is much danger in this, but if you ever lose your
> root passwd for whatever reason it's nice to know that this neat
> little trick appears to work (well at least for me)
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
More information about the PLUG