Re: question on escalating privileges via suid vulnerabilities

From: John McGuire (jmcguire81@gmail.com)
Date: Sun Feb 25 2007 - 12:18:43 EST

• Next message: Liam Downward: "RE: Penetration Testing Framework 0.24 released"
• Previous message: Elias-Bachrach, Ari (721): "RE: DNS mapping"
• Maybe in reply to: John McGuire: "question on escalating privileges via suid vulnerabilities"
• Next in thread: Christoph Bussenius: "Re: question on escalating privileges via suid vulnerabilities"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Thanks, adding setuid() cleared up the issue.

John

On 2/25/07, Michal Zalewski <lcamtuf@dione.ids.pl> wrote:
> On Sat, 24 Feb 2007, John McGuire wrote:
>
> > arr[1] = NULL;
> setuid(0);
> > execve (arr[0], arr, NULL);
>
> Just add this line there. You are in all likelihood bumping into a
> "protection" built into /bin/sh to make attacks marginally more
> difficult.
>
> /mz
>
>

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

• Next message: Liam Downward: "RE: Penetration Testing Framework 0.24 released"
• Previous message: Elias-Bachrach, Ari (721): "RE: DNS mapping"
• Maybe in reply to: John McGuire: "question on escalating privileges via suid vulnerabilities"
• Next in thread: Christoph Bussenius: "Re: question on escalating privileges via suid vulnerabilities"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:36 EDT