Vulnerability Development mailing list archives

Re: Why SUID Binary exploit does not yield root shell?

From: buzzdee <reitenba () fh-brandenburg de>
Date: Sun, 9 Mar 2003 10:26:09 +0100

Am Samstag, 8. März 2003 21:40 schrieb Kryptik Logik:

Folks:

I've managed to find a buffer overflow and exploit it to exeve a /bin/sh
using my payload shellcode. However, whenever I run my exploit, I do get a
shell but just that it is an ordinary shell under my account (as id would
indicate).

The binary that I've exploited is suid bit set so theoretically shouldn't
it create a root shell? I've tested my exploit on a small sample
vulnerable program that I wrote with the exact same permissions as the
binary in the system and I could get a root shell!

maybe the partition, on which your suid program is located is mounted with the 
nosuid parameter? 

<greetz>

Current thread:

Why SUID Binary exploit does not yield root shell? Kryptik Logik (Mar 08)
- Re: Why SUID Binary exploit does not yield root shell? Shaun Clowes (Mar 09)
- Re: Why SUID Binary exploit does not yield root shell? buzzdee (Mar 09)
- Re: Why SUID Binary exploit does not yield root shell? Brian Hatch (Mar 09)
  - Re: Why SUID Binary exploit does not yield root shell? Andres Roldan (Mar 10)
- Re: Why SUID Binary exploit does not yield root shell? tony (Mar 09)