| user9d | # this allows an attacker to make a poor ordinary user 0% able to do things they love to do on their computer [through the terminal]: | 08:06 |
|---|---|---|
| user9d | printf '\n\n\nalias sudo=""\n\n\n' | tee -a /home/user9d/.bashrc | 08:06 |
| konstruktoid | but you still need sudo perms | 09:47 |
| konstruktoid | and if the attacker got user shell access, i assume there's missing patches as well | 09:48 |
| user9d | hmmm | 14:11 |
| user9d | konstruktoid: by "missing patches" you mean the /etc/sshd.conf [?] ssh server configuration that allowed auto-login to the user shell? | 14:13 |
| tomreyn | user9d: i would assume that konstruktoid meant that an unauthorized user should not be able to get system access in the first place. | 14:52 |
| tomreyn | (and would have had to resort to hacking their way in through vulnerabilities in outdated software) | 14:54 |
| konstruktoid | Yeah, and if they get local access, it's because of lack of management (sshd config, weak passwords, ... ) and thus there's most likely unpatched local vulnerabilities (e.g. a kernel on an system that needs a reboot) | 14:57 |
| konstruktoid | But sure, free sudo is always nice. | 14:58 |
| konstruktoid | But that also requires NOPASSWD otherwise the user would probably notice it (hopefully) | 14:58 |
| === Eickmeyer is now known as NotEickmeyer | ||
| === OpenSource is now known as Linux | ||
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!