If you could change /etc/passwd to begin with, either /etc/passwd would be world-writeable or you'd already be equivalent to 'root' and you wouldn't need to touch sudo, which by default doesn't allow root to run it. A rather off-base question because if you're already root-equiv (UID: 0), then it doesn't matter...you can shut off syslog, change routing and networking tables, etc...install backdoors, fatal suid progs, set eth0 to promiscuous, replace binaries with your own mix, the usual....Originally posted here by hacker_vk
thx again !! the_JinX, SirDice.
Right Now my head is in the sudo-link...dupppp..
Hey..one sec.. another Doubt.
Assume if I could change "passwd" file for myself to be root. Then I CAN do anything with "/etc/sudoers" file & also I can remove entries from it's log files.
Isn't that a hole. If not then what's the patch.
Thx again in advancE.
So no, it's not a "hole"....
Reply With Quote