Full Disclosure mailing list archives
Re: Symlink attack techniques
From: Werner Schalk <werner_schalk () gmx de>
Date: Thu, 15 Dec 2005 13:09:49 +0000
Hi, thanks for all the replies, I really appreciate this.
Assuming that the find command will report a directory or file that you control, you can use the symlink to overwrite a shell script, and then place shell commands into your file name:
Ok I should have been more precise in my previous mail. In this scenario I don't have control over the output generated by the find command. So basically the cronjob is something like: 15 4 * * 6 root /usr/bin/find /home/userA -type f -print > /tmp/report.txt Consequently as userB I have no way of influencing what information is printed by the find command to /tmp/report.txt but I can surely control /tmp/report.txt. Any other ideas of how to exploit this to gain root access? Thank you very very much. All the best, Werner. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Symlink attack techniques Werner Schalk (Dec 14)
- Re: Symlink attack techniques H D Moore (Dec 14)
- Re: Symlink attack techniques Werner Schalk (Dec 15)
- Re: Symlink attack techniques Joachim Schipper (Dec 15)
- Re: Symlink attack techniques James Longstreet (Dec 15)
- Re: Symlink attack techniques Valdis . Kletnieks (Dec 15)
- Re: Symlink attack techniques Tim (Dec 15)
- Re: Symlink attack techniques Werner Schalk (Dec 15)
- Re: Symlink attack techniques H D Moore (Dec 14)