[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]
Re: Hi all,
sudheer@xxxxxxxxxxxxx wrote:
> >
> > root>cp /bin/sh /bin/mysh
> > root>chmod +s /bin/mysh
> > root>chmod +x /bin/mysh 'may not be required.
> >
> > That's all, now go away and login as any user from any where in the
> > world,
> >
> > anyuser>whoami
> > anyuser
> > anyuser>/bin/mysh
> > anyuser>whoami
> > root
>
> This won't work. the shells are more intelligent nowadays.
> they behave according to the uid of the process invoking the shell.
> just like that of a 'passwd' program. eventhough the setuid bit is
> set for the 'passwd' program, a normal user can't change the passwd of
> another user even if he knows the other person's passwd.
>
> please, correct me if am wrong.
>
> sudheer
Yes it works on my rh 5.2 box, and that is the way i get root on my
linux box.
You can not change password of another user, because passwd checks for
the uid/gid.
Suid programs are extremely dangerous for the server security. If a user
can make any suid exit with a segmentation fault, in he becomes root in
9 out of 10 cases.
Want to try power of suid ? But back up /etc/passwd else you will
regret ?
root>chmod +s /bin/telnet
now be any user and
WARNING - make a copy copy of /etc/passwd file before you proceed.
anyuser> telnet -n /etc/passwd nosuchhost.nosuchdomain
Your /etc/passwd file will be wiped out.
Best Wishes.
- -mukund
http://members.theglobe.com/betacomp/default.html
http://members.xoom.com/BETACOMP/index1.htm
- --------------------------------------------------------------------
For more information on Linux in India visit http://www.linux-india.org/
Linux India is NOT a forum for Microsoft/India/Pakistan/US/UK bashing.
Flame baits will not be tolerated. If you can appreciate satire read
http://www.templetons.com/brad/emily.html
------------------------------