Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

** FreeBSD local r00t zeroday

From: Michał Manterys <michal.manterys () gmail com>
Date: Tue, 1 Dec 2009 20:55:53 +0100
http://lists.grok.org.uk/pipermail/full-disclosure/2009-November/071689.html

$ uname -a
FreeBSD serev1.domena.pl 7.2-STABLE FreeBSD 7.2-STABLE #1: Tue Dec  1
19:42:43 CET 2009     root () server1 domena pl:/usr/src/sys/i386/compile/kern1
i386
$ ./test.sh
env env.c program.c program.o test.sh w00t.so.1.0 FreeBSD local r00t zeroday
by Kingcope
November 2009
env.c: In function 'main':
env.c:5: warning: incompatible implicit declaration of built-in function
'malloc'
env.c:9: warning: incompatible implicit declaration of built-in function
'strcpy'
env.c:11: warning: incompatible implicit declaration of built-in function
'execl'
/libexec/ld-elf.so.1: environment corrupt; missing value for
/libexec/ld-elf.so.1: environment corrupt; missing value for
/libexec/ld-elf.so.1: environment corrupt; missing value for
/libexec/ld-elf.so.1: environment corrupt; missing value for
/libexec/ld-elf.so.1: environment corrupt; missing value for
/libexec/ld-elf.so.1: environment corrupt; missing value for
ALEX-ALEX
#id -a
uid=1018(user) gid=1018(user) euid=0(root) groups=1018(user)

Install patch:
cd /usr/src/libexec/rtld-elf
fetch http://wojciech.sychut.eu/rtld.patch
patch < rtld.patch
make clean
make
make install


and:

$ ./test.sh
env env.c program.c program.o test.sh w00t.so.1.0 FreeBSD local r00t zeroday
by Kingcope
November 2009
env.c: In function 'main':
env.c:5: warning: incompatible implicit declaration of built-in function
'malloc'
env.c:9: warning: incompatible implicit declaration of built-in function
'strcpy'
env.c:11: warning: incompatible implicit declaration of built-in function
'execl'
/libexec/ld-elf.so.1: environment corrupt; missing value for
/libexec/ld-elf.so.1: environment corrupt; missing value for
/libexec/ld-elf.so.1: environment corrupt; missing value for
/libexec/ld-elf.so.1: environment corrupt; missing value for
/libexec/ld-elf.so.1: environment corrupt; missing value for
/libexec/ld-elf.so.1: environment corrupt; missing value for
ALEX-ALEX
#id -a
uid=1018(user) gid=1018(user) euid=0(root) groups=1018(user)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: