Hi, Christian Jaeger wrote: > > Hmm, I'm wondering if it's any better: if the attacker manages code > to run in the chrooted daemon, I suspect he can also advise the part > running as root to open up a new root connection? Isn't it that the > separation simply protects against direct shell launch attacks? Well > I'm not educated enough to know, just wondering.
just imagine: i login as root. su to ralf (man su) ralf executes any buggy programm, where someone else can insert shellcode. (e.g. chmod 777 /home/ralf -R; /home/ralf/myshellscript.sh) this shellcode is executed as user ralf, not as user root. there is no chance to execute the shellcode, which inserted any other user in /home/ralf/myshellscript.sh) as root, although i logged in as root. (if we assume that there is no bug in "su") bye Ralf -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
