Penetration Testing mailing list archives
Re: question on escalating privileges via suid vulnerabilities
From: "John McGuire" <jmcguire81 () gmail com>
Date: Sun, 25 Feb 2007 10:18:43 -0700
Thanks, adding setuid() cleared up the issue. John On 2/25/07, Michal Zalewski <lcamtuf () dione ids pl> wrote:
On Sat, 24 Feb 2007, John McGuire wrote: > arr[1] = NULL; setuid(0); > execve (arr[0], arr, NULL); Just add this line there. You are in all likelihood bumping into a "protection" built into /bin/sh to make attacks marginally more difficult. /mz
------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- question on escalating privileges via suid vulnerabilities John McGuire (Feb 25)
- Message not available
- Re: question on escalating privileges via suid vulnerabilities John McGuire (Feb 26)
- Message not available
- Re: question on escalating privileges via suid vulnerabilities Christoph Bussenius (Feb 26)
- Re: question on escalating privileges via suid vulnerabilities Marco Ivaldi (Feb 26)
- Re: question on escalating privileges via suid vulnerabilities Andrea Purificato - bunker (Feb 26)
- Re: question on escalating privileges via suid vulnerabilities Fábio Russo (Feb 28)