On Mon, 2003-12-01 at 14:14, Vineet Kumar wrote: > * Thanasis Kinias ([EMAIL PROTECTED]) [031201 11:03]: > > BTW, if someone has compromised your system to the extent of being able > > to put a trojaned passwd in /usr/local/bin, he can put it in /usr/bin, > > too. > > Not necessarily. In order to put something in /usr/local/[s]bin, I just > need to get an account with group staff. Depending on who's in that > group (and how many are in that group), this may be significantly easier > than getting root. Ok, that *IS* the point... if you are using your local machine and you want custom schkit... then you get into the proper ground and make the changes yourself, rather than tie the admin up.
> [EMAIL PROTECTED]:~$ ls -l /usr/local > total 32 > drwxrwsr-x 2 root staff 4096 2003-11-11 02:42 bin > drwxrwsr-x 2 root staff 4096 2003-11-11 02:42 games > drwxrwsr-x 2 root staff 4096 2003-11-11 02:42 include > drwxrwsr-x 8 root staff 4096 2003-11-26 14:51 lib > drwxrwsr-x 2 root staff 4096 2003-11-11 02:42 man > drwxrwsr-x 2 root staff 4096 2003-11-11 02:42 sbin > drwxrwsr-x 3 root staff 4096 2003-11-11 18:10 share > drwxrwsr-x 2 root staff 4096 2003-11-11 02:42 src -- [EMAIL PROTECTED] REMEMBER ED CURRY! http://www.iwethey.org/ed_curry
signature.asc
Description: This is a digitally signed message part
