
Re: SUID shells...aaarrgghh



Garry Myers wrote:
> so, logging into console as root
> 
> $ cp /bin/bash /bin/somefile
> 
> $ ls -l /bin/somefile
> -rwxr-x--- 1 root root 318612 Oct 14 22:44 /bin/somefile
> 
> $ chmod a+xs /bin/somefile
> -rwsr-s--x 1 root root 318612 Oct 14 22:44 /bin/somefile
> 
> Presumably a hacker (or cracker to be precise) would chgrp to root if root
> was gained by some exploit.  Exiting and logging in as test_user (created
> for the purpose), when I execute /bin/somefile and do whoami and id,
> test_user is still controlling the shell with uid guid etc set to
> test_user.  I've tried a number of variations on the above but to no
> avail.  I *hate* the idea of not knowing how to do something that some
> IRC #hack juvenile can!  I know I'm missing something awfully obvious
> here or else I've got something new to crow about regarding Debian to my
> linux-challenged (read RedHat and Slackware :) ) friends...

You're just running into some simple protection that is designed to trip up
said pimply-faced crackers: bash gives up any suid permissions when it
starts up.

If you try the same thing with some other shell that doesn't have this
protection, it will probably work as you would expect.

-- 
see shy jo
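
An audit sketch for the situation discussed in this thread, added here as an example and not part of either poster's message: it lists setuid/setgid files whose contents are byte-identical to a known shell, such as the /bin/somefile copy above. The function name and the KNOWN_SHELLS variable are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): flag setuid/setgid regular files that
# are byte-identical to a known shell binary, e.g. a renamed copy of bash.
# KNOWN_SHELLS is a hypothetical variable of this example: a space-separated
# list of reference shells. It defaults to the entries in /etc/shells.

find_suid_shell_copies() {
    # $@ = directories to scan
    refs=${KNOWN_SHELLS:-$(grep -v '^#' /etc/shells 2>/dev/null)}

    # Hash every reference shell that exists on this system.
    ref_sums=""
    for s in $refs; do
        [ -f "$s" ] || continue
        ref_sums="$ref_sums $(sha256sum "$s" | cut -d' ' -f1)"
    done

    # Regular files with the setuid (4000) or setgid (2000) bit set.
    find "$@" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        sum=$(sha256sum "$f" 2>/dev/null | cut -d' ' -f1)
        [ -n "$sum" ] || continue        # unreadable file: skip it
        case " $ref_sums " in
            *" $sum "*) printf '%s\n' "$f" ;;   # same bytes as a known shell
        esac
    done
}

# Stand-alone use: pass the directories to audit as arguments.
if [ "$#" -gt 0 ]; then
    find_suid_shell_copies "$@"
fi
```

Run it as root so that files without read permission for other users can still be hashed. A match only means the file is a shell copy with the bit set, whether or not that particular shell drops privileges at startup.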

