Full Disclosure mailing list archives
Re: GNU gcc vuln. < 3.4.3 local root (.php)
From: Christian <evilninja () gmx net>
Date: Tue, 18 Jan 2005 05:16:39 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Andrew Farmer schrieb:
Old "vulnerability". Equivalent to:/* fake_vuln.c */ int getuid(void) { return 0; } int geteuid(void) { return 0; } int getgid(void) { return 0; }sh % gcc -shared fake_vuln.c -o fake_vuln.so sh % LD_PRELOAD=`pwd`/fake_vuln.so /bin/sh sh # id uid=0(root) gid=0(root) <etc etc etc> sh # cat /etc/shadow cat: /etc/shadow: Permission denied
there is even a package in my linux-distribution for this, called "fakeroot": evil@sheep:~$ fakeroot root@sheep:~# whoami root - -- BOFH excuse #38: secretary plugged hairdryer into UPS -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB7I2nC/PVm5+NVoYRAo+VAJ46m6C9v61ukMCq8p525h8CxNrGcQCfbqbO uNmpG/WGygmCtHgGq/fHX48= =0/7e -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- GNU gcc vuln. < 3.4.3 local root (.php) ZzagorR ZzagorR (Jan 17)
- Re: GNU gcc vuln. < 3.4.3 local root (.php) Andrew Farmer (Jan 17)
- Re: GNU gcc vuln. < 3.4.3 local root (.php) Christian (Jan 18)
- <Possible follow-ups>
- Re: GNU gcc vuln. < 3.4.3 local root (.php) ZzagorR ZzagorR (Jan 17)
- Re: GNU gcc vuln. < 3.4.3 local root (.php) Andrew Farmer (Jan 17)