RE: FreeBSD 4.3 local root

From: Jason DiCioccio (jdicioccio@epylon.com)
Date: 07/12/01

• Next message: serkoon: "Re: FreeBSD 4.3 local root"
• Previous message: Przemyslaw Frasunek: "Re: FreeBSD 4.3 local root"
• Maybe in reply to: Matjaz Martincic: "RE: FreeBSD 4.3 local root"
• Next in thread: Przemyslaw Frasunek: "Re: FreeBSD 4.3 local root"
• Reply: Przemyslaw Frasunek: "Re: FreeBSD 4.3 local root"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: Jason DiCioccio <jdicioccio@epylon.com>
To: 'Przemyslaw Frasunek' <venglin@freebsd.lublin.pl>, Jason DiCioccio <geniusj@bluenugget.net>, Matjaz Martincic <matjaz.martincic@hermes.si>, security@FreeBSD.ORG
Date: Thu, 12 Jul 2001 10:37:10 -0700

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Try naming it a.out, it sure didnt work for me that way..

- -------
Jason DiCioccio
Evil Genius
Unix BOFH
- -----Original Message-----
From: Przemyslaw Frasunek [mailto:venglin@freebsd.lublin.pl]
Sent: Thursday, July 12, 2001 8:59 AM
To: Jason DiCioccio; Matjaz Martincic; security@FreeBSD.ORG
Subject: Re: FreeBSD 4.3 local root

> The binary must be named vv..
> Name the binary 'vv' and try again

No, because argv[0] is exec()ed:

  if(!execle(av[0],"vv",NULL,environ))
[...]

riget:venglin:~> cc -o dupa vvfreebsd.c
riget:venglin:~> ./dupa
vvfreebsd. Written by Georgi Guninski
shall jump to bfbffe72
child=81380
Password:done

# id
uid=0(root) gid=1001(users) groups=1001(users), 99(rexec)

- --
* Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL:
PMF9-RIPE *
* Inet: przemyslaw@frasunek.com ** PGP:
D48684904685DF43EA93AFA13BE170BF *

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBO03hH1CmU62pemyaEQIriQCg4bfyj3snwfqLbUFJbM0qDrfH7GcAoL7Z
xMkdpyQJ4BpdJUGL61rbBAjz
=aolt
-----END PGP SIGNATURE-----

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

---

• Next message: serkoon: "Re: FreeBSD 4.3 local root"
• Previous message: Przemyslaw Frasunek: "Re: FreeBSD 4.3 local root"
• Maybe in reply to: Matjaz Martincic: "RE: FreeBSD 4.3 local root"
• Next in thread: Przemyslaw Frasunek: "Re: FreeBSD 4.3 local root"
• Reply: Przemyslaw Frasunek: "Re: FreeBSD 4.3 local root"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: FreeBSD 4.3 local root ... Matt ... Subject: FreeBSD 4.3 local root ... with "unsubscribe freebsd-security" in the body of the message ... (FreeBSD-Security) RE: FreeBSD 4.3 local root ... Subject: FreeBSD 4.3 local root ... Ideas on why it doesnt work? ... with "unsubscribe freebsd-security" in the body of the message ... (FreeBSD-Security) Re: Racoon/sainfo - no policy found ... > I have a FreeBSD machine runing NAT, IPFilter, IPSec, ... > Racoon among other things. ... with "unsubscribe freebsd-security" in the body of the message ... (FreeBSD-Security) Re: Is the technique described in this article do-able with ... > I believe that when you "halt" FreeBSD the whole OS halts. ... you may not care about log info. ... with "unsubscribe freebsd-security" in the body of the message ... (FreeBSD-Security) RE: OpenSSH b0rked (was RE: Problems with IPFW patch) ... Just did that as per your suggestion. ... > You'd be better off running mergemaster anyway, ... > with "unsubscribe freebsd-security" in the body of the message ... (FreeBSD-Security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > FreeBSD-Security  > 2001-07