5 lines
433 B
Plaintext
5 lines
433 B
Plaintext
The script runs with root privileges because the setuid bit is set.
|
|
Since it just asks for a username and saves the new hash to /etc/shadow,
|
|
and there is no validation checking if the user running the program is actually changing their own password,
|
|
someone could simply run the program, type root as the username, and set a new password for the root user.
|
|
The script would then overwrite the actual root password in /etc/shadow. |