|
Full Disclosure
mailing list archives
Re: GNU gcc vuln. < 3.4.3 local root (.php)
From: Christian <evilninja () gmx net>
Date: Tue, 18 Jan 2005 05:16:39 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Andrew Farmer schrieb:
Old "vulnerability". Equivalent to:
/* fake_vuln.c */
int getuid(void) { return 0; }
int geteuid(void) { return 0; }
int getgid(void) { return 0; }
sh % gcc -shared fake_vuln.c -o fake_vuln.so
sh % LD_PRELOAD=`pwd`/fake_vuln.so /bin/sh
sh # id
uid=0(root) gid=0(root) <etc etc etc>
sh # cat /etc/shadow
cat: /etc/shadow: Permission denied
there is even a package in my linux-distribution for this, called "fakeroot":
evil () sheep:~$ fakeroot
root () sheep:~# whoami
root
- --
BOFH excuse #38:
secretary plugged hairdryer into UPS
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFB7I2nC/PVm5+NVoYRAo+VAJ46m6C9v61ukMCq8p525h8CxNrGcQCfbqbO
uNmpG/WGygmCtHgGq/fHX48=
=0/7e
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
 By Date 
By Thread
Current thread:
| 
Intro
