search for: ctelcom

From: Wade Maxfield <maxfield@ctelcom.net> > Many thanks to the moderator who pointed out errors and suggested the > correct information on this post. Over half the ideas are due to him. ;) > 1. Programs put data in local variables in functions. These variables > are on the computer stack. Feeding data to thos...

While sudo is used to give fairly trusted users the ability to run programs with root privs, there exists a hole in the one in the RedHat contrib directory (sudo 1.5.9.p4) which allows a minimally trusted user to obtain full root access and privilege. If a user is given the opportunity to run any program, that user can fool sudo and obtain any level of privilege for any executable. Assume

Many thanks to the moderator who pointed out errors and suggested the correct information on this post. Over half the ideas are due to him. ;) Don't forget this is about writing your own daemon or TCP program. Some of the ideas here will not happen with today's software that has been hardened. It is presented to prevent your software from being taken advantage of. Most often,

...1 Dec 1999 02:09:25 +0100 (GMT--1:00) To: hgtaesml@umail.furryterror.org (Zygo Blaxell) Cc: <linux-security@redhat.com> Subject: [linux-security] Re: Programming ... In-Reply-To: <slrn847rok.dhq.zblaxell@washu.furryterror.org> References: <Pine.LNX.4.10.9911270940190.3182-100000@one.ctelcom.net> <m3iu2n4mlc.fsf@jfog-bb.dep.no> <slrn847rok.dhq.zblaxell@washu.furryterror.org> X-Mailer: VM 6.67 under 21.1 (patch 4) "Arches" XEmacs Lucid Zygo Blaxell wrote: > Deleting files in /tmp (or a user's home directory, for that matter) > is not a trivial ope...

...one, CIPE and IP Tunnel (ipip.o) are others off the top of my head. Dave -- Dave Sifry, Chief Technical Officer LinuxCare, Inc. 415 831-9507 tel, 415 831-9763 fax dsifry@linuxcare.com, http://www.linuxcare.com/ LinuxCare, The Leader in Linux Support From: "Danyell Wilt" <danyell@ctelcom.net> To: "Matthew S. Crocker" <matthew@crocker.com> Cc: <linux-security@redhat.com> Subject: [linux-security] Re: compare / contrast of linux fw and others Date: Wed, 28 Oct 1998 09:17:45 -0600 >Can you do VPN with your linux solution. I love linux and have setup >s...

I did not understand the man pages for sudo and incorrectly interpreted the results. I interpreted the ALL to apply to all commands defined in the sudoers file. Basically, I'm an idiot, but here is the chain I followed, and the correct interpretation. In the man pages on sudo, it says the following: A User_List is made up of one or more usernames, uids (prefixed with