Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 16 Oct 2014 11:34:03 +0200
From: Dag-Erling Smørgrav <des@....no>
To: oss-security@...ts.openwall.com
Subject: Re: Abusing TZ for fun (and little profit)

Dave Horsfall <dave@...sfall.org> writes:
> Perhaps I've missed something here, but surely if you have "sudo"
> privileges then you can read the file for yourself?

Not necessarily; sudo can be used to grant users or groups of users
permission to run a specific command, which would not necessarily allow
them to read arbitrary files.

> And if you're trying to trace a set-uid program then it won't work
> anyway?  Neither my Mac nor my FreeBSD box have "strace", and my
> Penguin is dead, so I cannot verify this.

FreeBSD has ktrace instead, which is far more capable.

DES
-- 
Dag-Erling Smørgrav - des@....no

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ