Archive for April, 2010
Lunch
by Nick on Apr.23, 2010, under Frivolous
Three Lunches for the executive offices in the sky
Seven for middle management stuck on the phone
Nine for salesmen, doomed to lie
One for the CEO who eats alone
In the land of Mordor where the Gyros lie
One lunch to feed them all, One to then unwind them
One lunch to make their bowels crawl, and on the toilet bind them
In the land of Mordor where the Gyros lie.
Sud’oh!
by Nick on Apr.16, 2010, under Administration, News, Security
“Sudo’s command matching routine expects actual commands to include one or more slash (‘/’) characters. The flaw is that sudo’s path resolution code did not add a “./” prefix to commands found in the current working directory. This creates an ambiguity between a “sudoedit” command found in the cwd and the “sudoedit” pseudo-command in the sudoers file. As a result, a user may be able to run an arbitrary command named “sudoedit” in the current working directory. For the attack to be successful, the PATH environment variable must include “.” and may not include any other directory that contains a “sudoedit” command.”
(From http://portaudit.FreeBSD.org/1a9f678d-48ca-11df-85f8-000c29a67389.html)
I actually read about this on Full Disclosure. This is very similar to an earlier exploit. Sudo is a great tool, but you always have to be *very* careful who you give sudo access to.
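A defender-side audit of the precondition the advisory names, added here as an example that is not from the original post or the sudo project. It goes slightly beyond the advisory: it flags any relative PATH entry (an empty component, `.`, or something like `bin`), since all of those resolve against the current working directory, and then reports which of them already hold a file named `sudoedit`. The function names and the optional cwd argument are my own.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Return 0 if every PATH component is absolute, 1 if any resolves
# relative to the current working directory ("" , "." or "foo/bar").
# $1: PATH string to audit (defaults to the caller's $PATH).
cwd_in_path() {
    _rest="${1-$PATH}:"            # trailing ':' so the last component is consumed
    while [ -n "$_rest" ]; do
        _c="${_rest%%:*}"
        _rest="${_rest#*:}"
        case "$_c" in
            ''|[!/]*) return 1 ;;  # empty or not starting with '/' => cwd-relative
        esac
    done
    return 0
}

# Report every cwd-relative PATH entry that already contains a file
# named "sudoedit" (the ambiguity the advisory describes).
# Returns 0 when nothing is found, 1 otherwise.
# $1: PATH string to audit; $2: directory to treat as the cwd (default: .).
shadowed_sudoedit() {
    _rest="${1-$PATH}:"
    _cwd="${2:-.}"
    _found=0
    while [ -n "$_rest" ]; do
        _c="${_rest%%:*}"
        _rest="${_rest#*:}"
        case "$_c" in
            /*) continue ;;        # absolute entries are not cwd-relative
            '') _d="$_cwd" ;;      # empty component means the cwd itself
            *)  _d="$_cwd/$_c" ;;  # relative subdirectory of the cwd
        esac
        if [ -f "$_d/sudoedit" ]; then
            printf 'relative PATH entry "%s" holds %s/sudoedit\n' "$_c" "$_d"
            _found=1
        fi
    done
    return $_found
}

# Stand-alone use: audit the caller's own PATH.
if cwd_in_path; then
    echo "PATH: no cwd-relative entries"
else
    echo "PATH: cwd-relative entry present; the cwd is searched for commands"
    shadowed_sudoedit || true
fi
```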