
Re: Hi all



On Fri, Jun 18, 1999, sudheer@xxxxxxxxxxxxx forced the electrons to say:
> > root>cp /bin/sh /bin/mysh
> > root>chmod +s /bin/mysh
> > root>chmod +x /bin/mysh 'may not be required.
> > anyuser>whoami
> > anyuser
> > anyuser>/bin/mysh
> > anyuser>whoami
> > root
> 
>     This won't work. The shells are more intelligent nowadays.
>   They behave according to the uid of the process invoking the shell.
>   Just like that of a 'passwd' program. Even though the setuid bit is
>   set for the 'passwd' program, a normal user can't change the passwd of
>   another user even if he knows the other person's passwd.

No. This will work fine. There might even be a legitimate use for
this facility (root using something like 
setuidshell -c grep someone /etc/sudoers 
while in a non root login).

But, this needs the root to be careless enough to leave a login on. One
of my most successful techniques (note that I am giving away the tricks
of the trade :-) was to download some program, compile it, edit the
Makefile to copy /bin/sh to my home and make it setuid while installing
the program, and innocently ask the root to install the program. The
unsuspecting root will just go into the build directory and run make
install, and I had my own personal copy of a setuid root shell.

So, all roots out there, be wary of users who ask you to install programs
that they downloaded/compiled!

Binand
- --------------------------------------------------------------------
For more information on Linux in India visit http://www.linux-india.org/
Linux India is NOT a forum for Microsoft/India/Pakistan/US/UK bashing.
Flame baits will not be tolerated.  If you can appreciate satire read
http://www.templetons.com/brad/emily.html

------------------------------
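
Added example (not part of the original message): a shell sketch of the checks an administrator could run around a user-supplied `make install`, flagging dry-run recipe lines that set setuid/setgid bits or copy a shell, and diffing setuid/setgid file listings taken before and after. The function names are hypothetical and the patterns are a heuristic, not a complete filter.

```shell
#!/bin/sh
# Added example, not from the original message. Function names are hypothetical.

# Read recipe lines on stdin (for instance the output of `make -n install`)
# and print, with line numbers, those that:
#   - chmod with a symbolic mode that adds "s" (+s, u+s, g+s, u+xs, ...)
#   - chmod with a 4-digit octal mode whose leading digit sets setuid/setgid
#   - run install(1) with such an octal mode via -m
#   - copy or install something under a */bin/ path whose name ends in "sh"
# Returns 0 if at least one line was flagged, 1 if none.
flag_risky_recipe_lines() {
    grep -nE \
        -e 'chmod[[:space:]]+(-[A-Za-z]+[[:space:]]+)*[^[:space:]]*[+=][rwxXt]*s' \
        -e 'chmod[[:space:]]+(-[A-Za-z]+[[:space:]]+)*0*[2-7][0-7]{3}([[:space:]]|$)' \
        -e 'install[[:space:]].*-m[[:space:]]*0*[2-7][0-7]{3}([[:space:]]|$)' \
        -e '(cp|install)[[:space:]].*/bin/[a-z]*sh([[:space:]]|$)'
}

# List setuid/setgid regular files under the given directories, sorted.
# -xdev keeps find on one filesystem, so name each mount point explicitly.
list_setid_files() {
    find "$@" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# Print files listed in snapshot $2 (after) that are absent from $1 (before).
new_setid_files() {
    comm -13 "$1" "$2"
}

# Typical sequence (paths are placeholders):
#   make -n install | flag_risky_recipe_lines     # as an unprivileged user
#   list_setid_files / /home > /root/setid.before
#   make install
#   list_setid_files / /home > /root/setid.after
#   new_setid_files /root/setid.before /root/setid.after
```

Do the dry run as an unprivileged user: GNU make still evaluates `$(shell ...)` and executes recipe lines marked with `+` or containing `$(MAKE)` under `-n`.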