Bugtraq mailing list archives
Re: SUID shell scripts, questions?
From: carson () lehman com (Carson Gaspar)
Date: Sat, 11 Feb 1995 18:38:00 -0500 (EST)
On Fri, 10 Feb 1995, Greg Woods wrote:
> Or you can just create a symlink to a setuid script called "-i". Guess what happens when the system executes "sh -i"? Don't even need the race condition. And even without this, you could always overwrite the SAME file with something new, so the fd doesn't change.

Attack #1 (symlink -i) fails under Solaris. The shell is invoked as:

/bin/sh /dev/fd/xxx

Attack #2 is only possible if you're dumb enough to leave a setuid program world-writeable.

-- Carson Gaspar -- carson () cs columbia edu carson () lehman com
<This is the boring business .sig - no outre sayings here>
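An audit sketch for the two conditions discussed in this message, added here as an example and not part of the original thread: it lists setuid/setgid scripts under a directory and flags the world-writable ones (attack #2). The check that the `#!` line ends option parsing with `-` or `--` is an assumption beyond this message (a commonly documented guard for systems that pass the script's path rather than /dev/fd/N), and the function names are hypothetical.

```python
import os
import stat
import sys

PRIV_BITS = stat.S_ISUID | stat.S_ISGID

def audit_entry(path, mode, head):
    """Return findings for one file, given its st_mode and first line (bytes)."""
    if not stat.S_ISREG(mode) or not mode & PRIV_BITS:
        return []
    if not head.startswith(b"#!"):
        return []  # setuid binary, not a script: outside this thread's topic
    findings = ["setuid/setgid script: " + path]
    # Attack #2 in the thread: anyone may overwrite the same file in place.
    if mode & stat.S_IWOTH:
        findings.append("world-writable: " + path)
    # Attack #1: if the kernel hands the interpreter the path name (not
    # /dev/fd/N), a name starting with "-" is read as an option unless the
    # #! line already ends option parsing. Assumed guard: "-" or "--".
    words = head[2:].split()
    if len(words) < 2 or words[1] not in (b"-", b"--"):
        findings.append("#! line does not end option parsing: " + path)
    return findings

def scan(root):
    """Walk root without following symlinks and collect all findings."""
    out = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
                if not stat.S_ISREG(st.st_mode) or not st.st_mode & PRIV_BITS:
                    continue
                with open(path, "rb") as fh:
                    head = fh.readline(256)
            except OSError:
                continue  # unreadable or vanished between lstat and open
            out.extend(audit_entry(path, st.st_mode, head))
    return out

if __name__ == "__main__":
    for line in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(line)
```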