Potential Hack in sudo?
Derek Burdick
derek at burdick.cc
Mon Apr 16 11:09:27 MDT 2007
Steve wrote:
>
> touch ~/.sudo_as_admin_successful
> sudo /bin/bash
> su root
> passwd "mynewpassword"
>
> And it worked!
>
.sudo_as_admin_successful just suppresses the sudo help:
http://ubuntuforums.org/showthread.php?p=1406199
sudo /bin/bash made you root
su root is redundant
passwd changed the password of the root user since you are root from the
sudo command.
Seems like everything is working as it is supposed to. sudo is
configured on your machine to not require a password.
Derek
More information about the PLUG
mailing list