[sork] Debian package, sork - passwd.
Eric Rostetter
eric.rostetter at physics.utexas.edu
Sat Sep 3 11:01:24 PDT 2005
Quoting Lionel Elie Mamane <lmamane at debian.org>:
> > A bit of a security concern,
>
> The only concern I could think of is if the user (having already
> successfully authenticated!) manages to trigger a buffer overflow in
> passwd or something like that. As a setuid-root program, this would
> mean that particular Unix (or Unix clone) would have a local root
> privilege escalation problem anyway.
Yes, and by making it the default shell you've made it a remote root
escalation problem instead of a local one...
Basically someone could brute-force the account, change the password,
lock out the legit owner, and take over the account for their own use.
The only difference between this and the normal brute-force is the locking
out of the actual owner of course.
> --
> Lionel
--
Eric Rostetter
The Department of Physics
The University of Texas at Austin
Why get even? Get odd!
More information about the sork
mailing list