Vulnerability Development mailing list archives
Owning privileged processes under UnixWare
From: btellier () USA NET (Tellier, Brock)
Date: Mon, 6 Dec 1999 20:24:45 -0000
Greetings,

I hope some of you have been following my UnixWare posts on Bugtraq because this development will be mostly based on that. Basically, UnixWare programs gain privileges not only from being suid/sgid, but also from /etc/security/tcb/privs. Some of the additional privileges gained might be the ability to setuid() at will or read/write to any file on the system regardless of permissions.

The major problem is that UnixWare still allows you to own one of these privileged processes, inasmuch as you can still truss(1) them. Since you can truss them, I would assume you have complete control over the process.

Since I'm not exactly Mr. procfs, I was wondering if there is a way to be able to launch one of these privileged programs and hijack the process, making it open(), setuid() or something else. When I asked horizon about this, he mentioned that I might want to try using the old LD_PRELOAD trick instead. However, UnixWare doesn't seem to support this.

Maybe there is another, simpler way to cause the privileged program to do something silly. Any ideas?

Brock Tellier
UNIX Systems Administrator
Chicago, IL, USA
btellier () usa net