On 12/02/2009 10:09 AM, Dave Ihnat wrote:
Secondly, once you (as the bad guy) get a user to run something for you,
you can start poking at the system itself. In this case, you're looking
for a flaw in the system security itself--either misconfiguration, or
an actual hole in some program or service that a normal user can run
or use.
As has been pointed out, however, serious damage can be done even if the
cracker never gets root privileges. One could install new extensions to
Firefox, for example, that would give the cracker access to passwords.
Or install programs into the user's home directory, run them from
.bash_profile, or whatever, and send spam around the world just using
"mail", the messages themselves being downloaded via wget. Etc, etc. All
very dangerous.
Richard
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
