Mailing List Archive


[tlug] security dude....the puto story



Hi TLUG Folks.
I was just playing with users in my system and I created a user called puto.
There are two stories about two security situations, sorry if the text is too 
long :-)

STORY 1

I don't understand something that, in my ignorance, I consider bad security 
behavior. The steps I took were:

1. useradd puto
2. passwd puto
3. logged as puto
4. I added "mc" at the end of the .bashrc file because I wanted mc to start 
every time puto logs in
5. I thought that puto could change this, so I became root with the su 
command. I typed chown root.root .bashrc
6. The .bashrc file has 644 attributes; I listed with ls -l and confirmed that the 
.bashrc file now belongs to user root and group root
7. exit root so I'm puto again
8. edit the .bashrc file with vi
9. vi alerts me that the file is read-only
10. I change the content of the file and put the mc line in a comment
11. quit vi with the wq! option, and it says "written!!"
12. list with ls -l 
I was surprised because the file .bashrc now belongs to puto again! The user and group 
are puto and puto!

How can puto change the ownership of the .bashrc file?

STORY 2

1. I'm logged as puto
2. I became root with the su command
3. In the puto directory I created a text file called helloroot with some 
stupid text.
4. I listed with ls -l and the file belonged to user root and group root.
5. I exited root and became puto again.
6. I created a dir in the puto home dir called putodir
7. I changed to that directory
8. I created a text file with the same name I used before, "helloroot" with 
some other stupid text again.
9. I copied that file into the puto home dir with the -f option: "cp -f helloroot 
/home/puto"
10. Changed to the puto home dir
11. I listed with ls -l and the helloroot file now belongs to user puto and group 
puto and was overwritten.

I think this should not happen because that file belonged to root, didn't it?

Again I don't understand. Maybe all this is because the puto home dir belongs to 
user puto and group puto?

Thank you in advance and sorry for the long file.

Pietro.
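
Both stories follow from one rule: creating, removing, or renaming a directory entry requires write permission on the directory, not on the file, which is how a forced save in vi and `cp -f` can leave a fresh file owned by puto where the root-owned one was. The script below is an added example, not part of the original post; a temporary directory stands in for /home/puto, the helper names are hypothetical, and it uses a rename rather than delete-and-recreate so the inode comparison is reliable.

```shell
#!/bin/sh
# Added example: paths and file contents are constructed.
# Replacing a file needs write permission on the DIRECTORY that holds it;
# the permissions and owner of the old file are never consulted.

inode_of() { ls -i "$1" | awk '{print $1}'; }
owner_of() { ls -ln "$1" | awk '{print $3}'; }

# replace_file DIR NAME TEXT
# Writes TEXT to a new file in DIR, then renames it over NAME.
# Prints "<old inode> <new inode> <uid owning the new file>".
replace_file() {
    dir=$1; name=$2; text=$3
    old=$(inode_of "$dir/$name")
    tmp="$dir/.$name.new.$$"
    printf '%s\n' "$text" > "$tmp" || return 1   # new entry: needs write on $dir
    mv -f "$tmp" "$dir/$name" || return 1        # rename(2): needs write on $dir
    echo "$old $(inode_of "$dir/$name") $(owner_of "$dir/$name")"
}

demo() {
    home=$(mktemp -d) || return 1     # stands in for /home/puto
    echo "mc" > "$home/.bashrc"
    chmod 444 "$home/.bashrc"         # read-only, like the file vi warned about
    replace_file "$home" .bashrc "# mc"
    cat "$home/.bashrc"               # the replacement content is in place
    rm -rf "$home"
}

demo
```

The second inode differs from the first because the name now points at a different file, and that file is owned by whoever created it. A file that must stay fixed belongs in a directory the user cannot write to; on Linux filesystems that support it, `chattr +i` on the file is the other common option.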

