In <20000219193007.T219@bug.ucw.cz> Pavel Machek (pavel@suse.cz) wrote:
> Hi!
>> #define CAP_DAC_READ_SEARCH 2
>>
>> Hmm. OK, I can now read any file on the system. Read /etc/shadown,
>> crack passwords from there. SOrry, there isn't any quicker way.
> Unless passwords are properly choosen. But there's better way: read
> someone's .ssh/identity and become him ;).
Hmm ?
-- cut --
[khim@dell khim]$ ls -al ~/.ssh
итого 12
drwxr-sr-x 2 khim khim 1024 Feb 6 1999 .
drwxrwsr-x 49 khim khim 5120 Feb 18 16:29 ..
-rw------- 1 khim khim 5003 Feb 20 00:06 known_hosts
-rw------- 1 khim khim 512 Feb 20 00:06 random_seed
[khim@dell khim]$ su -
Password:
[root@dell /root]# grep ^khim: /etc/shadow
khim:!:10719:0:99999:7:-1:-1:500
-- cut --
>> #define CAP_NET_BIND_SERVICE 10
>>
>> - Bind to the portmapper, distract clients to my own nfs server.
>> have clients to nasty things (to make me root)
>> - rsh into local machine with false credentials.
> This is actually capability I think is usefull. If you dont have rsh
> on your machine, and portmapper is already running, you got nothing.
>> #define CAP_NET_ADMIN 12
>>
>> Mjam. Ifconfig an interface to an IP of a trusted host. Dump
>> packets on the net until I see "root" login?
> When root is using ssh? No way to get root from this one.
> Pavel
Arrgh. Default config for KSI-Linux, for example is: NO r* services, NO
telnet, NO ftpd and NO pop3/imap4. The only uncommented services in
/etc/inetd.conf are talk & identd. And KSI-Linux is not even kind of
"secure linux" distribution.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Feb 23 2000 - 21:00:24 EST