| 1 |
On 07/29/2018 09:16 PM, Ulrich Mueller wrote: |
| 2 |
> |
| 3 |
> Staying with the man:man example, how would anybody become the "man" |
| 4 |
> user, in the first place? That user has /bin/false as a shell and no |
| 5 |
> valid password. |
| 6 |
|
| 7 |
One way would be to exploit a process that's running as the "man" user. |
| 8 |
Ostensibly such a thing is possible; otherwise we wouldn't be dropping |
| 9 |
privileges in the first place. |
| 10 |
|
| 11 |
The shell/password settings for that user are also in no way guaranteed. |
| 12 |
|
| 13 |
But on principle: who cares, non-root users shouldn't be able to gain |
| 14 |
root =) |
| 15 |
|
| 16 |
|
| 17 |
> Setgid executables shouldn't be group writable |
| 18 |
|
| 19 |
Why not? I'm happy to pull that part back out. |
Archives