[Bug 653743] New: terminal, expect, script, root
https://bugzilla.novell.com/show_bug.cgi?id=653743 https://bugzilla.novell.com/show_bug.cgi?id=653743#c0 Summary: terminal, expect, script, root Classification: openSUSE Product: openSUSE 11.3 Version: Final Platform: All OS/Version: openSUSE 11.3 Status: NEW Severity: Major Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: doommedraven@gmail.com QAContact: qa@suse.de Found By: --- Blocker: --- Created an attachment (id=400325) --> (http://bugzilla.novell.com/attachment.cgi?id=400325) script on expect User-Agent: Mozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.9.2.13pre) Gecko/20101113 Ubuntu/10.10 (maverick) Namoroka/3.6.13pre in the system openSUSE 11.1 - 11.3 there was the found problem of safety, which allows executes dear commands from privileges root, and more precisely commands in a middle script on expect, without knowledge of password of administrator, looking the decision of this problem, I think decision it is in in a line 35 and a 36 file of sudoers 35 defaults targtpw 36 all all=(all) all problem is 5 min after each input admin password script which I tried to add below Reproducible: Always Steps to Reproduce: 1. i enter the script, with all the comands that only the administator has 2. i dont enter the password 3. and you do everything without password Actual Results: working everything without password Expected Results: ask for the passwd or give a mistake -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=653743
https://bugzilla.novell.com/show_bug.cgi?id=653743#c1
Andriy Brukhovetskyy
https://bugzilla.novell.com/show_bug.cgi?id=653743
https://bugzilla.novell.com/show_bug.cgi?id=653743#c
Andriy Brukhovetskyy
https://bugzilla.novell.com/show_bug.cgi?id=653743
https://bugzilla.novell.com/show_bug.cgi?id=653743#c2
Thomas Biege
participants (1)
-
bugzilla_noreply@novell.com