Potential Hack in sudo?

Michael Torrie torriem at chem.byu.edu
Sat Apr 14 23:46:45 MDT 2007


On Sat, 2007-04-14 at 23:35 -0600, Steve wrote:
> Hey there everyone,
> I don't know if this is useful or not, but I just fired up an old
> linux box that I had forgotten the root password for.
> Fortunately I was able to remember my user password.
> Once I logged in I tried to su, but that failed because I couldn't
> remember the root password (duh!), so I tried to sudo but that failed
> as well.

Hmm.  Is this an ubuntu-specific vulnerability/hack?  What exactly does
this doe?  Are you implying anyone can get local root?

> 
> Finally out of desperation I tried this,
> 
> touch ~/.sudo_as_admin_successful
> sudo /bin/bash
> su root
> passwd "mynewpassword"
> 
> And it worked!
> 
> I don't think there is much danger in this, but if you ever lose your
> root passwd for whatever reason it's nice to know that this neat
> little trick appears to work (well at least for me)
> 
> Regards,
> 
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */
> 




More information about the PLUG mailing list