Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: The Dangerous of Fakeroot
From: Wiliam Steck <codeinjection () gmail com>
Date: Mon, 27 Aug 2012 20:32:52 -0400

It actually doesn't matter what OS or what kind of kernel security is on
going, this 'hole' of yours does not exist. and why would I want to 'try
make program exec /bin/sh 'n setuid it to root' that's just moronic.

so in closing, and once again this will NOT work on any Linux OS or Linux

Thanks for all the fish.

On Mon, Aug 27, 2012 at 6:52 PM, Teguh <info () egeektronic com> wrote:

@ Jeffrey Walton
 thx for the references

@ Wiliam Steck
what OS you tested on? 'n kernel security feature security you use

On 8/28/12, Wiliam Steck <codeinjection () gmail com> wrote:
this will only work if the desired user is in sudo and has permissions to
execute as root.
Otherwise, this post was a huge troll to get traffic to the website this
article is hosted on.

[20101:20100 - 0:501] 02:31:36 [nethic () nekobus:/dev/pts/9 +1] ~
$ fakeroot

[20209:20194 - 0:501] 02:31:39 [root () nekobus:/dev/pts/9 +3] ~
$ ls /root
ls: cannot open directory /root: Permission denied

[20209:20194 - 0:502] 02:31:47 [root () nekobus:/dev/pts/9 +3] ~
$ python
Python 2.7.3 (default, Apr 20 2012, 22:39:59)
[GCC 4.6.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
import os
os.system("sudo su")
ERROR: ld.so: object 'libfakeroot-sysv.so' from LD_PRELOAD cannot be
preloaded: ignored.
[sudo] password for nethic:
Sorry, try again.
[sudo] password for nethic:
Sorry, try again.
[sudo] password for nethic:
Sorry, try again.
sudo: 3 incorrect password attempts
os.system("touch /root/test")
touch: cannot touch `/root/test': Permission denied

Better luck next time <3 <3 <3

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]