Bugtraq: Re: SUID shell scripts, questions?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: SUID shell scripts, questions?

From: woods () ncar ucar edu (Greg Woods)
Date: Fri, 10 Feb 95 17:23:11 MST

Since starting the shell can take
a finite amount of time, there's a race condition where you can substitute
in a different file for the one that originally spawned the shell.


Or you can just create a symlink to a setuid script called "-i". Guess
what happens when the system executes "sh -i"? Don't even need the
race condition. And even without this, you could always overwrite the
SAME file with something new, so the fd doesn't change.

--Greg

By Date By Thread

Current thread:

SUID shell scripts, questions? That Whispering Wolf... (Feb 10)
- Re: SUID shell scripts, questions? Adam Shostack (Feb 10)
- Re: SUID shell scripts, questions? Greg Woods (Feb 10)
  - Re: SUID shell scripts, questions? Carson Gaspar (Feb 11)
  - Re: SUID shell scripts, questions? Fred Blonder (Feb 13)
  - IFS Dave Williss (Feb 13)
    - Re: IFS Karl Strickland (Feb 13)
    - Re: IFS Jas (Feb 13)