On 4/12/19 5:56 PM, Vladimir Marek wrote:
> It escapes me how changing your own $PATH makes another user execute
> files in /tmp. And if someone has /tmp in $PATH moreover before anything
> else (or . for that matter) he deserves it. Right?

I assume the idea is to escalate write access to another user's account, to password-guarded sudo access. And yes, that too means you're already screwed in many, many ways. There are far too many ways to trick a user into entering their login password in order to grab sudo credentials.

-- 
Eli Schwartz
Arch Linux Bug Wrangler and Trusted User