Bugtraq mailing list archives

Re: Setuid programs run from shell scripts?
From: proff () suburbia apana org au (Julian Assange)
Date: Fri, 18 Nov 1994 03:59:19 +0100


On Thu, 17 Nov 1994, Fred Blonder wrote:

      From: Julian Assange <proff () suburbia apana org au>

              .
              .
              .

      Of course, to make things really interesting, we could have n files, 
      comprised of n-1 setuid/setgid scripts and 1 setuid/setgid binary, with 
      each script calling the next as its #! argument and the last calling the 
      binary. ;-)

The '#!' exec-hack does not work recursively.  I just tried it under SunOS 4.1.3.
It generated no diagnostics and exited with status 0, but it also didn't execute
the target binary.


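#include <stdio.h>
#include <stdlib.h>     /* atoi */
#include <sys/stat.h>   /* fchmod */

/* Create n files f0..f(n-1); each file fK names f(K+1) as its #! interpreter. */
int main(int c, char **v)
{
        char s[255];
        FILE *fh;
        int n;

        if (c < 2)
                return 1;
        n = atoi(v[1]);
        while (n-- > 0)
        {
                snprintf(s, sizeof s, "f%d", n);
                fh = fopen(s, "w");
                if (fh == NULL)
                        return 1;
                fprintf(fh, "#!f%d", n + 1);
                fchmod(fileno(fh), 0700);
                fclose(fh);
        }
        return 0;
}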

Does under Linux (300 deep at least). However, Linux doesn't permit suid
scripts in any event. Other platforms I have not as yet tested.

Proff
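
An added example, not part of the original post: an audit-side walker that follows a '#!' chain like the one the generator above creates, counts the hops, and counts how many files in the chain carry the setuid or setgid bit. The names shebang_chain, read_interp and MAX_DEPTH are assumptions made for this sketch, and interpreter paths are resolved relative to the current directory, as in the generated files.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

#define MAX_DEPTH 1024  /* assumed cap so a cyclic chain terminates */

/* Copy the interpreter path from a "#!" first line into out. Returns 1 if the
 * file starts with "#!", 0 if it does not, -1 if it cannot be opened. */
static int read_interp(const char *path, char *out, size_t outlen)
{
    char line[256];
    FILE *fh = fopen(path, "r");
    if (fh == NULL) return -1;
    char *got = fgets(line, sizeof line, fh);
    fclose(fh);
    if (got == NULL || strncmp(line, "#!", 2) != 0) return 0;
    char *p = line + 2;
    p += strspn(p, " \t");             /* skip blanks after "#!" */
    p[strcspn(p, " \t\r\n")] = '\0';   /* keep the path, drop any argument */
    if (*p == '\0') return 0;
    snprintf(out, outlen, "%s", p);
    return 1;
}

/* Follow the chain from path. Returns the number of "#!" hops taken before a
 * non-script (or missing) file is reached, or -1 if MAX_DEPTH is exceeded.
 * *suid_links counts files in the chain with the setuid or setgid bit set. */
int shebang_chain(const char *path, int *suid_links)
{
    char cur[256], next[256];
    struct stat st;
    int depth = 0;

    *suid_links = 0;
    snprintf(cur, sizeof cur, "%s", path);
    for (;;) {
        if (stat(cur, &st) == 0 && (st.st_mode & (S_ISUID | S_ISGID)))
            (*suid_links)++;
        if (read_interp(cur, next, sizeof next) != 1) return depth;
        if (++depth > MAX_DEPTH) return -1;
        memcpy(cur, next, sizeof cur);
    }
}
```
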


