Re: No Root Shell with SUID /bin/bash

From: Charles Clancy (security@xauth.net)
Date: 04/17/02


Date: Wed, 17 Apr 2002 12:18:27 -0500 (CDT)
From: Charles Clancy <security@xauth.net>
To: helmut schmidt <helmutsch69@hotmail.com>


> I have set the SUID bit on /bin/bash but when I run from a normal
> unprivileged user, I do not get a root shell - just a normal user context.

Your Linux bash is dropping its root privelidges before giving you the
prompt, for obvious security reasons. If you want to play with setuid
shells, I suggest a small wrapper program:

        #include<stdlib.h>
        main () {
                setuid(0);
                system("/bin/bash");
        }

Then as root:
        gcc bashwrap.c -o bashwrap
        chmod 4755 bashwrap

Now, running bashwrap as a normal user will give you a root prompt.

[ t. charles clancy ]--[ tclancy@uiuc.edu ]--[ www.uiuc.edu/~tclancy ]
coordinated science laboratory | university of illinois | crypto group



Relevant Pages

  • Re: AppArmor FAQ
    ... but it is a model that works in the limited http environment ... AppArmor was designed to do, and without specifics, this is just ... Exploited httpd is root shell. ...
    (Linux-Kernel)
  • Re: Single User Mode and Root
    ... M> Ian Northeast wrote: ... M>>>> so that single user mode doesn't have root privledges. ... M> need root shell and they're known. ... You cant protect a machine from people with physical access. ...
    (comp.os.linux.misc)
  • Re: bash as login shell
    ... but no explicit choice for bash occurs in the drop down list ... |>>> Account Manager. ... |>>For the root user, yes. ... |> and found the root shell had been changed to csh. ...
    (comp.unix.sco.misc)
  • Re: No Root Shell with SUID /bin/bash
    ... if you intend to place a backdoor root shell for ... changed the root password) then you should write a ... this service is rarely shut down by an attacker). ... destaddress, int length){ ...
    (Focus-Linux)
  • Re: questions regarding sh shell
    ... root uses csh on my FreeBSD 5.4-STABLE. ... doing things the way I am used to under bash. ... My systems have csh as root shell, ...
    (comp.unix.bsd.freebsd.misc)