Re: No Root Shell with SUID /bin/bash
From: Peter Pan (radiodrinker@yahoo.de) Date: 04/25/02
Date: Thu, 25 Apr 2002 10:49:06 +0200 (CEST)
From: Peter Pan <radiodrinker@yahoo.de>
To: Denis.Ducamp@hsc.fr, styx@SuxOS.org
Hi,
some comments on the comments:
Johannes is of course right. If there were an
exploitable flaw in an implementation of a function,
then it would be better not to have an effective uid
0.
But you can't drop root privileges and then regain
them (as Johannes proposed) with setuid. You need the
(non-POSIX, BSD) seteuid for managing a task like
this.
Denis, the difference between sudo and the small C
program is that the C program doesn't need an
/etc/sudoers file (which could be deleted by an
attacker) or something similar for authentication.
There are many things that can be improved, maybe
choosing a hash function which is even more time
consuming than MD5 and due to this more resistant to
wordbook-attacks and enumeration of passwords.
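The setuid/seteuid distinction from the message above, as an added example that is not part of the original post or of the C program the thread discusses: seteuid() for a drop that can be undone, setuid() for one that cannot, with the result verified afterwards. The function names are hypothetical, and the intended use is a set-uid-root binary; run as an ordinary user, both calls succeed without changing anything.

```c
#define _GNU_SOURCE              /* exposes setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Temporary drop: only the effective uid changes. The saved set-user-ID
 * keeps the old value, so seteuid(old) is permitted afterwards. */
int temp_drop_and_regain(uid_t unpriv)
{
    uid_t old = geteuid();

    if (seteuid(unpriv) != 0)
        return -1;
    /* ... work that should not run with the old effective uid ... */
    if (seteuid(old) != 0)       /* regain via the saved set-user-ID */
        return -1;
    return geteuid() == old ? 0 : -1;
}

/* Permanent drop: with effective uid 0, setuid() sets the real, effective
 * and saved uid together, so there is nothing left to switch back to. */
int drop_permanently(uid_t unpriv, gid_t gid)
{
    uid_t old = geteuid();

    /* Leaving root for good: clear supplementary groups first. */
    if (old == 0 && unpriv != 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(unpriv) != 0)
        return -1;
    /* Verify the drop: getting the old effective uid back must fail. */
    if (old != unpriv && seteuid(old) == 0)
        return -1;
    return (getuid() == unpriv && geteuid() == unpriv) ? 0 : -1;
}

int main(void)
{
    uid_t user = getuid();       /* invoking user; differs from euid if set-uid */

    printf("temporary drop and regain: %d\n", temp_drop_and_regain(user));
    printf("permanent drop:            %d\n", drop_permanently(user, getgid()));
    return 0;
}
```

A return of -1 from drop_permanently() on a set-uid binary owned by a non-root user shows the other side of the distinction: there setuid() changes only the effective uid, and the old one can still be restored.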