Re: Re: Todd Miller Sudo local root exploit discovered by Slouching

From: noone@nothing.com
To: bugtraq@securityfocus.com
Cc:
Subject: Re: Re: Todd Miller Sudo local root exploit discovered by Slouching
Date:


I believe what andy was alluding to was, why post on bugtraq with a subject Sudo local exploit discovered. Its not a sudo local root exploit, its an exploit in a misconfigured sudo file. You can post it as a new exploit technique for a misconfiguration, and i'm sure all the vuln and pen guys would be happy.

In my opinion, its a good technique to check for and i will use it in my arsenal of things to look for in terms of admin misconfigs but since its not in the default config on sudo, you'd have to e an idiot to not fully path out a commnd you are giving root access for... 

Anyway think about how you phrase things next time. 





Copyright © 1995-2020 LinuxRocket.net. All rights reserved.