Vulnerability Development mailing list archives
1 Suid-Writeable Root Owned File...Easy Compromise?
From: Barry Russell <bjz11600 () PRODIGY NET>
Date: Thu, 26 Oct 2000 20:05:23 -0400
While messing around with a big web hosting company Sun OS system I came across one(well actually two but too much messing around got that file deleted) and the file was owned root, suid and writeable by all. $ ls -la xu_chown -rwsrwxrwx 1 root root xxxxxx Oct ?? ??:?? xu_chown (variables changed to protect the innocent) The file is a binary file, so after a little more messing around and talking with a few people I was able to construct a perl script that carries the source of one binary to that file so that the permissions would stay the same. Well I did a little bit of playing around with no way of taking 'advantage' of this file. I was wondering since its root/suid/writeable was there anyway to exploit this ? This file might also be the same way on other Sun systems but I have yet to check and see. Barry Russell
Current thread:
- 1 Suid-Writeable Root Owned File...Easy Compromise? Barry Russell (Oct 27)
- Re: 1 Suid-Writeable Root Owned File...Easy Compromise? Ralph Moonen (Oct 29)