Bugtraq: Re: SUID shell scripts, questions?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: SUID shell scripts, questions?

From: carson () lehman com (Carson Gaspar)
Date: Sat, 11 Feb 1995 18:38:00 -0500 (EST)


On Fri, 10 Feb 1995, Greg Woods wrote:

Or you can just create a symlink to a setuid script called "-i". Guess
what happens when the system executes "sh -i"? Don't even need the
race condition. And even without this, you could always overwrite the
SAME file with something new, so the fd doesn't change.


Attack #1 (symlink -i) fails under solaris.  The shell is invoked as:
/bin/sh /dev/fd/xxx

Attack #2 is only possible if you're dumb enough to leave a setuid 
program world-writeable.

--
Carson Gaspar -- carson () cs columbia edu carson () lehman com
<This is the boring business .sig - no outre sayings here>

By Date By Thread

Current thread:

SUID shell scripts, questions? That Whispering Wolf... (Feb 10)
- Re: SUID shell scripts, questions? Adam Shostack (Feb 10)
- Re: SUID shell scripts, questions? Greg Woods (Feb 10)
  - Re: SUID shell scripts, questions? Carson Gaspar (Feb 11)
  - Re: SUID shell scripts, questions? Fred Blonder (Feb 13)
  - IFS Dave Williss (Feb 13)
    - Re: IFS Karl Strickland (Feb 13)
    - Re: IFS Jas (Feb 13)
    - Re: IFS Paul Robinson (Feb 14)