Bob Proulx writes:
> Right. Because normal users can't change the system time.
Sorry, wrong. With 'folk ALL=(ALL) ALL', user folk can run as root ANY
program including 'date -s'. Or at least 'sudo bash', and then live
happy with a shell executed with the root id.
If your /etc/sudoers contains 'yourusername ALL=(ALL) ALL' try running
sudo date 20000101
and feel younger ;)
> If they
> could other attacks would also be possible.
Since they can change the date...
--
/\ ___ Ubuntu: ancient
/___/\_|_|\_|__|___Gian Uberto Lauri_____ African word
//--\| | \| | Integralista GNUslamico meaning "I can
\/ coltivatore diretto di software not install
giĆ sistemista a tempo (altrui) perso... Debian"
Warning: gnome-config-daemon considered more dangerous than GOTO
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/21161.33922.503228.572...@mail.eng.it
