[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Local suid files and buffer overflows

To: Werner Schalk <werner_schalk@xxxxxx>
Subject: Re: [Full-disclosure] Local suid files and buffer overflows
From: Pieter de Boer <pieter@xxxxxxxxxxxxxx>
Date: Sun, 09 Oct 2005 18:29:28 +0200

Werner Schalk wrote:

Now I exploited it using Aleph One's shellcode (see http://shellcode.org/shellcode/linux/null-free/) but I won't get a SUID shell afterwards (I know the exploit did work but I still have my normal user privleges). Why? I have tried a different shellcode to write a file and this file was root:root. Any ideas, hints, rtfm?

Some shells (at least bash, that I know of) drop privileges when uid != euid. That's why I 'always' use zsh, which doesn't do that ;)

--
Pieter
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Local suid files and buffer overflows
  - From: Werner Schalk

Prev by Date: [Full-disclosure] [SECURITY] [DSA 854-1] New tcpdump packages fix denial of service
Next by Date: [Full-disclosure] Re: Antivirus detection bypass by special crafted archive.
Previous by thread: Re: [Full-disclosure] Local suid files and buffer overflows
Next by thread: Re: [Full-disclosure] Local suid files and buffer overflows
Index(es):
- Date
- Thread