Re: No Root Shell with SUID /bin/bash

From: Charles Clancy (security@xauth.net)
Date: 04/17/02


Date: Wed, 17 Apr 2002 12:18:27 -0500 (CDT)
From: Charles Clancy <security@xauth.net>
To: helmut schmidt <helmutsch69@hotmail.com>


> I have set the SUID bit on /bin/bash but when I run from a normal
> unprivileged user, I do not get a root shell - just a normal user context.

Your Linux bash is dropping its root privileges before giving you the
prompt, for obvious security reasons. If you want to play with setuid
shells, I suggest a small wrapper program:

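        #include <stdlib.h>
        #include <unistd.h>

        int main(void) {
                /* set real and effective uid to root before starting the shell */
                if (setuid(0) != 0)
                        return 1;
                return system("/bin/bash");
        }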

Then as root:
        gcc bashwrap.c -o bashwrap
        chmod 4755 bashwrap

Now, running bashwrap as a normal user will give you a root prompt.

[ t. charles clancy ]--[ tclancy@uiuc.edu ]--[ www.uiuc.edu/~tclancy ]
coordinated science laboratory | university of illinois | crypto group
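
The startup check the reply describes, as an added example that is not part of the original post and is not bash's own source: a set-id program compares its real and effective IDs and resets the effective ones to the caller's. The function names started_setid and drop_to_real_ids are assumptions made for this sketch.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 when the process was started set-id, i.e. the effective
 * IDs differ from the real IDs of the invoking user. Pure function. */
int started_setid(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Reset the effective IDs to the real ones. Group first: once the UID
 * is dropped the process may no longer be allowed to change its GID.
 * Returns 0 on success, -1 if a call failed or the drop did not stick. */
int drop_to_real_ids(void)
{
    if (setgid(getgid()) != 0)
        return -1;
    if (setuid(getuid()) != 0)
        return -1;
    return (geteuid() == getuid() && getegid() == getgid()) ? 0 : -1;
}

int main(void)
{
    uid_t ruid = getuid(), euid = geteuid();
    gid_t rgid = getgid(), egid = getegid();

    printf("real uid=%ld effective uid=%ld\n", (long)ruid, (long)euid);
    if (started_setid(ruid, euid, rgid, egid)) {
        if (drop_to_real_ids() != 0) {
            perror("drop");
            return 1;
        }
        puts("set-id start detected: continuing with the caller's IDs");
    } else {
        /* The case a wrapper creates: after setuid(0) the real uid is
         * 0 as well, so there is no mismatch left to detect. */
        puts("IDs already match: nothing to drop");
    }
    return 0;
}
```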