Re: question on escalating privileges via suid vulnerabilities

From: John McGuire (jmcguire81@gmail.com)
Date: Sun Feb 25 2007 - 12:18:43 EST


Thanks, adding setuid() cleared up the issue.

John

On 2/25/07, Michal Zalewski <lcamtuf@dione.ids.pl> wrote:
> On Sat, 24 Feb 2007, John McGuire wrote:
>
> > arr[1] = NULL;
> setuid(0);
> > execve (arr[0], arr, NULL);
>
> Just add this line there. You are in all likelihood bumping into a
> "protection" built into /bin/sh to make attacks marginally more
> difficult.
>
> /mz
>
>

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:36 EDT