Date: Thu, 16 Oct 2014 11:34:03 +0200 From: Dag-Erling Smørgrav <des@....no> To: oss-security@...ts.openwall.com Subject: Re: Abusing TZ for fun (and little profit) Dave Horsfall <dave@...sfall.org> writes: > Perhaps I've missed something here, but surely if you have "sudo" > privileges then you can read the file for yourself? Not necessarily; sudo can be used to grant users or groups of users permission to run a specific command, which would not necessarily allow them to read arbitrary files. > And if you're trying to trace a set-uid program then it won't work > anyway? Neither my Mac nor my FreeBSD box have "strace", and my > Penguin is dead, so I cannot verify this. FreeBSD has ktrace instead, which is far more capable. DES -- Dag-Erling Smørgrav - des@....no
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ