RE: FreeBSD 4.3 local root

From: Jason DiCioccio (jdicioccio@epylon.com)
Date: 07/12/01


From: Jason DiCioccio <jdicioccio@epylon.com>
To: 'Przemyslaw Frasunek' <venglin@freebsd.lublin.pl>, Jason DiCioccio <geniusj@bluenugget.net>, Matjaz Martincic <matjaz.martincic@hermes.si>, security@FreeBSD.ORG
Date: Thu, 12 Jul 2001 10:37:10 -0700


 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Try naming it a.out, it sure didn't work for me that way..

- -------
Jason DiCioccio
Evil Genius
Unix BOFH
- -----Original Message-----
From: Przemyslaw Frasunek [mailto:venglin@freebsd.lublin.pl]
Sent: Thursday, July 12, 2001 8:59 AM
To: Jason DiCioccio; Matjaz Martincic; security@FreeBSD.ORG
Subject: Re: FreeBSD 4.3 local root

> The binary must be named vv..
> Name the binary 'vv' and try again

No, because argv[0] is exec()ed:

  if(!execle(av[0],"vv",NULL,environ))
[...]

riget:venglin:~> cc -o dupa vvfreebsd.c
riget:venglin:~> ./dupa
vvfreebsd. Written by Georgi Guninski
shall jump to bfbffe72
child=81380
Password:done

# id
uid=0(root) gid=1001(users) groups=1001(users), 99(rexec)

- --
* Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
* Inet: przemyslaw@frasunek.com ** PGP: D48684904685DF43EA93AFA13BE170BF *

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBO03hH1CmU62pemyaEQIriQCg4bfyj3snwfqLbUFJbM0qDrfH7GcAoL7Z
xMkdpyQJ4BpdJUGL61rbBAjz
=aolt
-----END PGP SIGNATURE-----
