Re: No Root Shell with SUID /bin/bash

From: Denis Ducamp (Denis.Ducamp@hsc.fr)
Date: 04/18/02


Date: Thu, 18 Apr 2002 11:36:19 +0200
From: Denis Ducamp <Denis.Ducamp@hsc.fr>
To: focus-linux@securityfocus.com

On Wed, Apr 17, 2002 at 02:38:34PM +0000, helmut schmidt wrote:
> Hello,

Hi,

> I have set the SUID bit on /bin/bash but when I run from a normal
> unprivileged user, I do not get a root shell - just a normal user context.
>
> When I do the same on Compaq Tru64 I get a root shell - as expected.
>
> Can someone explain why my Linux (Suse 6.2) will not play...

A bash function:

$ ls -l /tmp/sh
-rwsr-xr-x 1 root bin 477756 Aug 25 2000 /tmp/sh*
$ /tmp/sh
$ id
uid=1000(ducamp) gid=1000(ducamp)
groups=1000(ducamp),10(wheel),11(floppy),14(uucp),100(users),102(src),999(sftp)
$ exit
exit
$ /tmp/sh -p
# id
uid=1000(ducamp) gid=1000(ducamp) euid=0(root)
groups=1000(ducamp),10(wheel),11(floppy),14(uucp),100(users),102(src),999(sftp)
# exit
exit
$

Only bash v2 has that, not bash v1. Other modern shells may have that too.

This is why all modern shell-code begins with a setreuid(0,0).

Denis Ducamp.

-- 
 Denis.Ducamp@hsc.fr --- Hervé Schauer Consultants --- http://www.hsc.fr/
 Owl/Openwall/snort/hping/dsniff in French     http://www.groar.org/trad/
            Owl in French      http://www.openwall.com/Owl/fr/
 On the proper use of ... http://usenet-fr.news.eu.org/fr-chartes/rfc1855.html
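
The startup behaviour shown in the session above, modelled as a small C program. This is an added example, not part of the original message and not bash's source code. The struct and function names are hypothetical; only the -p flag and the uid/euid comparison come from the message.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Identity of the process at startup (hypothetical helper type). */
struct ids { uid_t ruid, euid; gid_t rgid, egid; };

/* A set-uid or set-gid start is visible as effective != real. */
static bool running_setid(const struct ids *i) {
    return i->ruid != i->euid || i->rgid != i->egid;
}

/* The decision seen in the session: give up privilege unless -p was passed. */
static bool must_drop(const struct ids *i, bool privileged_flag) {
    return running_setid(i) && !privileged_flag;
}

/* Reset effective ids to the real ones. The group goes first: once the
 * uid has been dropped the process may no longer be allowed to change gid.
 * Each call is checked and the result verified. Returns 0 on success. */
static int drop_to_real(void) {
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    if (setgid(rgid) != 0) return -1;
    if (setuid(ruid) != 0) return -1;
    if (geteuid() != ruid || getegid() != rgid) return -1;
    return 0;
}

/* True if any argument is exactly "-p". */
static bool has_p_flag(int argc, char **argv) {
    for (int k = 1; k < argc; k++)
        if (strcmp(argv[k], "-p") == 0) return true;
    return false;
}

int main(int argc, char **argv) {
    struct ids now = { getuid(), geteuid(), getgid(), getegid() };
    bool p = has_p_flag(argc, argv);
    if (must_drop(&now, p) && drop_to_real() != 0) {
        perror("privilege drop failed");
        return 1;
    }
    printf("uid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    return 0;
}
```

Run without any set-id bit, the program prints the same value for uid and euid and drops nothing; the decision functions can be exercised with constructed ids such as uid=1000, euid=0.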