This commit is contained in:
Leo
5
sheet05/a3/b.txt
Normal file
5
sheet05/a3/b.txt
Normal file
@@ -0,0 +1,5 @@
|
||||
The script runs with root privileges because the setuid bit is set.
|
||||
Since it just asks for a username and saves the new hash to /etc/shadow,
|
||||
and there is no validation checking if the user running the program is actually changing their own password,
|
||||
someone could simply run the program, type root as the username, and set a new password for the root user.
|
||||
The script would then overwrite the actual root password in /etc/shadow.
|
||||
Reference in New Issue
Block a user