Vulnerability Development mailing list archives

Re: Why SUID Binary exploit does not yield root shell?


From: tony () 777h org
Date: Sun, 9 Mar 2003 15:34:27 -0500

Check out your system logs. When I wrote an exploit for vpnclient under
Gentoo Linux, PAM was catching the exploit.

For the workaround I used, check the exploit out:
http://sec.angrypacket.com/exploits/vpnKILLient.c

On Sat, Mar 08, 2003 at 08:40:17PM -0000, Kryptik Logik wrote:


Folks:

I've managed to find a buffer overflow and exploit it to execve a /bin/sh 
using my payload shellcode. However, whenever I run my exploit, I do get a 
shell but just that it is an ordinary shell under my account (as id would 
indicate).

The binary that I've exploited is suid bit set so theoretically shouldn't 
it create a root shell? I've tested my exploit on a small sample 
vulnerable program that I wrote with the exact same permissions as the 
binary in the system and I could get a root shell!

What is the magic here (if any)?

Thankx in advance,

# klogik

-- 
+ Cannot find nsabackdoor.dll. Please reinstall Windows.

