Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: TTY handling when executing code in different lower-privileged context (su, virt containers)
From: halfdog <me () halfdog net>
Date: Tue, 06 Nov 2012 18:53:48 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

vladz wrote:

On Mon, Nov 05, 2012 at 07:22:37PM +0000, halfdog wrote:
During programming experiments I found some class of
vulnerabilities [1], that seem to be rediscovered again from time
to time, but since attack value is questionable, it was not fixed
yet.

... I wrote this little PoC [2] to hijacked interactive bash shell
opened with "su - <user>".

Off-List: May I have permission to reference your POC from my page?

hd

[2] http://vladz.devzero.fr/svn/codes/bash/dontsu.sh

- -- 
http://www.halfdog.net/
PGP: 156A AE98 B91F 0114 FE88  2BD8 C459 9386 feed a bee
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAlCZXLAACgkQxFmThv7tq+4MCQCdHxnTjzVEik3HUyCPceta0lKD
GPsAn32YKvJLE0Oect0KW9Xhdea/3joa
=Vyr3
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault