LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 06-08-2011, 09:19 PM   #1
Cultist
Member
 
Registered: Feb 2010
Location: Chicago, IL
Distribution: Slackware64 14.1
Posts: 777

Rep: Reputation: 102Reputation: 102
Think I might have just hit a privilege escalation bug


I was logged into my regular user account, and decided I needed to do some stuff in console. So I hit ctrl+alt+backspace to kill KDE and drop to terminal. Soon as it dropped, I hit su, and started entering my password. But before I even finished typing the su password, it sort of crashed akonadi and suddenly I'm in root. Here's the lines exactly as they are on my console (its on another computer), swapping out my real username for myusername:

Code:
myusername@navi:~$
myusername@navi:~$ su
password:
root@navi:/home/myusername# naApplication 'akonadiserver' exited normally...

root@navi:/home/myusername#
notice the 'na' before the word Application, thats where I started to type in my root password. I know I couldn't have typed in the password without realizing it here, because I mistyped it - it should have begun with 'an' instead. That 'exit' announcement there appeared just as I began typing.

The segment of output I gave there is what shows after all the stuff that normally appears when you exit out of the WM the way I did.

So is this a known bug or did I find something new? Or is there a non-bug explanation?

Last edited by Cultist; 06-08-2011 at 09:28 PM.
 
Old 06-09-2011, 03:06 AM   #2
Linux.tar.gz
Senior Member
 
Registered: Dec 2003
Location: Paris
Distribution: Slackware forever.
Posts: 2,227

Rep: Reputation: 86
Can you reproduce this ?

If yes, indeed, this is a problem, Houston.
 
Old 06-09-2011, 03:15 AM   #3
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
Interesting. Do try to reproduce it, or others who use KDE.
 
Old 06-09-2011, 06:33 AM   #4
onebuck
Moderator
 
Registered: Jan 2005
Location: Midwest USA, Central Illinois
Distribution: SlackwareŽ
Posts: 11,221
Blog Entries: 3

Rep: Reputation: 1437Reputation: 1437Reputation: 1437Reputation: 1437Reputation: 1437Reputation: 1437Reputation: 1437Reputation: 1437Reputation: 1437Reputation: 1437
Hi,

Why are you using 'ctrl+alt+backspace'? Problems with the X server? You should shutdown KDE via exit/leave unless you are experiencing problems.

I believe you started entering from the kybd device before the X server was shut down. Try exiting KDE normally, let things shut down gracefully. Then you should be able to do console work after X server resets.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
postfix local privilege escalation... trist007 Linux - Security 4 03-30-2011 02:55 PM
Privilege Escalation - Getting 'root' privilege Rahil Parikh Linux - Security 2 12-02-2010 01:04 AM
Intel CPU Privilege Escalation Exploit H_TeXMeX_H Linux - Security 4 04-22-2009 03:57 PM
Linux Privilege Escalation The.Hammer.911 Linux - Security 1 05-10-2007 06:07 PM
LXer: Postgresql Privilege Escalation and Denial of Service ... LXer Syndicated Linux News 0 02-16-2006 02:01 AM


All times are GMT -5. The time now is 06:05 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration