Vulnerability Development mailing list archives

Re: nobody suid shell (kind of relationship with the ld-2.2.4 thread...)


From: Bill Weiss <houdini () nmt edu>
Date: Fri, 26 Apr 2002 10:51:02 -0600

Anibal Ambertin(aambertin () securetty com ar)@Thu, Apr 25, 2002 at 01:02:52PM -0300:

    Hi you all.
    I've been playing with a Linux system that we have for research and
gained shell access. I placed at /tmp a nobody suid shell (tcsh) with
permissions like "4777" (remember, just research :)). Well, the thing is,
when I try to execute it, it says "Permission Denied". That's pretty strange
'cause as you can see, I do have execution access.
    I really can't see why...
    When this happened I thought of the ld-x.x.x behavior and tried it...
well, actually it worked right, but it DID NOT SUID ME! If someone
has a tip or idea I'll take it :).

Thank you all.

Ok, two-parter:

1) /tmp is probably mounted noexec, possibly nosuid.  Put the root shell somewhere else.
2) As the discussion came out, that's the desired thing for ld to do.  It's executing
   the contents of the file, not the file itself.  Since the SUID bit is on the file,
   it doesn't happen.

-- 
Bill Weiss
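
The mount-option check behind point 1 of the reply, as an added example that is not part of the original thread: it parses text in /proc/mounts format and reports whether noexec or nosuid governs a given path, which is how an administrator can confirm that a world-writable directory such as /tmp is mounted with both. The sample mount table is constructed, and the function names are this example's own.

```python
import posixpath

# Constructed sample in /proc/mounts format (not taken from the original post).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda3 /home ext4 rw,nosuid,nodev 0 0
/dev/sdb1 /mnt/my\\040data ext4 rw 0 0
"""

def unescape(field):
    # /proc/mounts encodes space, tab, newline and backslash as octal escapes.
    for code, char in (("\\040", " "), ("\\011", "\t"), ("\\012", "\n"), ("\\134", "\\")):
        field = field.replace(code, char)
    return field

def parse_mounts(text):
    """Return [(mount_point, set_of_options)] in file order."""
    mounts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4:
            mounts.append((unescape(parts[1]), set(parts[3].split(","))))
    return mounts

def governing_mount(path, mounts):
    """Find the mount whose mount point is the longest prefix of path."""
    path = posixpath.normpath(path)  # lexical only, symlinks are not resolved
    best = None
    for point, opts in mounts:
        prefix = point.rstrip("/") + "/"
        if path == point or path.startswith(prefix):
            # >= so that a later mount stacked on the same point wins
            if best is None or len(point) >= len(best[0]):
                best = (point, opts)
    return best

def exec_restrictions(path, mounts):
    """Report which of noexec/nosuid apply to files under path."""
    mount = governing_mount(path, mounts)
    if mount is None:
        raise ValueError("no mount covers " + path)
    point, opts = mount
    return {"mount_point": point, "noexec": "noexec" in opts, "nosuid": "nosuid" in opts}

if __name__ == "__main__":
    for p in ("/tmp/sh", "/home/user/sh", "/usr/bin/passwd"):
        print(p, exec_restrictions(p, parse_mounts(SAMPLE_MOUNTS)))
```

On a live system, pass the contents of /proc/mounts to parse_mounts instead of the sample.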

