Re: Permission policy
Ruud de Rooij <ruud@ruud.org> wrote:
>
> (of course, this attack can be prevented using mount options to
> disable setgid executables on all filesystems where users have write
> access)
But the user can still leave a process running with the privileges after he
logs out. Now whenever he logs in from anywhere else in the world, he can
request the privileges from that process.
--
Debian GNU/Linux 2.1 is out! ( http://www.debian.org/ )
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Reply to: