[ale] Please Help

Jerry Z. Yu z.yu at ptek.com
Thu Mar 28 15:53:42 EST 2002


	Is /home resides a fs which has 'nosuid' enabled?

On Thu, 28 Mar 2002, Chris Fowler wrote:

#I was not pointing fingers.  I was making a comment that if I did the
#commands in my email that
#I would no gain root access.  I should have gained root.
#
#[root at cfowler root]# cd /home/cfowler
#[root at cfowler cfowler]# cp /bin/bahs .sh
#cp: cannot stat `/bin/bahs': No such file or directory
#[root at cfowler cfowler]# cp /bin/bash .sh
#[root at cfowler cfowler]# chmod 4755 .sh
#[root at cfowler cfowler]# su - cfowler
#[cfowler at cfowler cfowler]$ ./sh
#bash: ./sh: No such file or directory
#[cfowler at cfowler cfowler]$ ./.sh
#.sh-2.05$ exit
#exit
#[cfowler at cfowler cfowler]$ ls -l .sh
#-rwsr-xr-x    1 root     root       519964 Mar 28 14:08 .sh
#[cfowler at cfowler cfowler]$
#[cfowler at cfowler cfowler]$ ./.sh
#.sh-2.05$ cd /root
#.sh: cd: /root: Permission denied
#.sh-2.05$
#
#Notice how I do not have root even though my shell is 4755 and owned by
#root.
#
#Chris
#
#-----Original Message-----
#From: Ken Nagorski [mailto:kenn at pcintelligent.com]
#Sent: Thursday, March 28, 2002 3:32 PM
#To: cfowler at outpostsentinel.com
#Subject: RE: [ale] Please Help
#
#
#Hi there,
#
#Yes - I understand that there are security risks, however the perl scritp
#does some very harsh integrity checking before is runs any commands so I am
#not to worried...
#
#Thanks
#ken
#
#> You bring up a good point.  I was showing a friend a very simple
#> root exploit.  Heres how it goes:
#>
#> 1) cp /bin/sh ~/.sh
#> 2) chown root ~./sh
#> 3) chmod 4755 ~/.sh
#>
#> You have to gain root access once to make it work.  Then every time you
#> log into the machien as a normal user just excute the suid shell. On
#> old linux distros this trick works.  I can not get it to work on RH
#> 7.2.  Not sure why.
#>
#> Chris
#>
#> -----Original Message-----
#> From: Ken Nagorski [mailto:kenn at pcintelligent.com]
#> Sent: Thursday, March 28, 2002 3:05 PM
#> To: ale at ale.org
#> Subject: [ale] Please Help
#>
#>
#> Please tell me someone knows how to do this. Here is the problem.
#>
#> I need to a script SUID form a website. It is a PHP script that calls a
#> wrapper program written in C and it is set 4755, The script is calls
#> just runs a system command, actually a courier command, the makealises
#> command. But I can't get this to work for the life of me. I know that
#> someone has had of written the script that simplifies system mamagment
#> and then needed to run a system command when it is finished but HOW?
#>
#> Uhg - Thanks
#> Ken
#>
#>
#>
#>
#> ---
#> This message has been sent through the ALE general discussion list. See
#> http://www.ale.org/mailing-lists.shtml for more info. Problems should
#> be sent to listmaster at ale dot org.
#>
#>
#>
#>
#> ---
#> This message has been sent through the ALE general discussion list. See
#> http://www.ale.org/mailing-lists.shtml for more info. Problems should
#> be  sent to listmaster at ale dot org.
#
#
#
#
#
#
#---
#This message has been sent through the ALE general discussion list.
#See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
#sent to listmaster at ale dot org.
#

Jerry Z. Yu					+1-404-262-8544 (O)
systems engineer				z.yu at voicecom.com
is support, voicecom, llc			www.voicecom.com


---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.






More information about the Ale mailing list