Penetration Testing mailing list archives
Re: solaris root-setuid script to gain root?
From: Krugger <merc4krugger () gmail com>
Date: Thu, 5 Jul 2007 16:04:27 +0100
You should be aware that bash doesn't run the script as root when suided. It uses the caller uid.
From the man page:
Invoked with unequal effective and real UID/GIDs If Bash is started with the effective user (group) id not equal to the real user (group) id, and the -p option is not supplied, no startup files are read, shell functions are not inherited from the environment, the SHELLOPTS variable, if it appears in the environment, is ignored, and the effective user id is set to the real user id. If the -p option is supplied at invocation, the startup behavior is the same, but the effective user id is not reset. ------------------------------------------------------------------------ This List Sponsored by: Cenzic Swap Out your SPI or Watchfire app sec solution for Cenzic's robust, accurate risk assessment and management solution FREE - limited Time Offer http://www.cenzic.com/wf-spi ------------------------------------------------------------------------
Current thread:
- Re: solaris root-setuid script to gain root? Vitalik N. (Jul 01)
- Re: solaris root-setuid script to gain root? Nathan Sportsman (Jul 01)
- Re: solaris root-setuid script to gain root? Vitalik N. (Jul 01)
- Re: solaris root-setuid script to gain root? Krugger (Jul 05)
- Re: solaris root-setuid script to gain root? Vitalik N. (Jul 01)
- Re: solaris root-setuid script to gain root? Nathan Sportsman (Jul 01)