
Re: SUID shells...aaarrgghh



> > so, logging into console as root
> > 
> > $ cp /bin/bash /bin/somefile
> > 
> > $ ls -l /bin/somefile
> > -rwxr-x--- 1 root root 318612 Oct 14 22:44 /bin/somefile
> > 
> > $ chmod a+xs /bin/somefile
> > -rwsr-s--x 1 root root 318612 Oct 14 22:44 /bin/somefile

> You're just running into some simple protection that is designed to trip up
> said pimply-faced crackers: bash gives up any suid permissions when it
> starts up.


Note that this behaviour is new in bash-2.0 (1.4 didn't do it).
I find it annoying, though. I don't really see the great advantage
of this (it's _very_ easy to get around for hackers), and it makes it
more difficult for me to become UID 7483 (no such user exists on my
system, but say it does on a friendly nfs server). 
I used to be able to just do 
  cp /bin/bash /tmp; chown 7483 /tmp/bash; chmod u+s /tmp/bash;/tmp/bash
but now I have to use a different shell (and then type bash, 'cause I cannot
use the other shell). Does anyone know of an easier way to become
UID=7483?

> If you try the same thing with some other shell that doesn't have this
> protection, it will probably work as you would expect.


-- 
joost witteveen, joostje@debian.org
#!/usr/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
#what's this? see http://www.dcs.ex.ac.uk/~aba/rsa/
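
An audit check related to the thread above, added here as an example and not part of the original message: since the startup privilege drop discussed is specific to bash 2.0 and other shells may lack it, an administrator may want to list setuid/setgid files that are byte-for-byte copies of a known shell, such as the /bin/somefile created in the quoted session. The function name `find_suid_shell_copies` and its output format are hypothetical.

```shell
#!/bin/sh
# Added example: report setuid/setgid regular files under a directory that
# are identical to one of the reference shells given as arguments.
# Usage: find_suid_shell_copies DIR SHELL [SHELL...]
# Assumption: file names do not contain newlines.
find_suid_shell_copies() {
    dir=$1
    shift
    # -perm -4000 matches the setuid bit, -perm -2000 the setgid bit.
    # -xdev keeps the scan on one filesystem (skips NFS mounts and /proc).
    find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        for ref in "$@"; do
            # cmp -s is silent and exits 0 only when contents are identical.
            if cmp -s "$f" "$ref"; then
                printf '%s is a copy of %s\n' "$f" "$ref"
                break
            fi
        done
    done
}

# When run as a script with arguments, scan the given directory, e.g.:
#   sh audit.sh /bin /bin/bash /bin/sh
if [ "$#" -gt 1 ]; then
    find_suid_shell_copies "$@"
fi
```

A renamed copy is caught because the comparison is on content, not on file name; a recompiled or modified shell would not match and needs a different check.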

