Re: question on escalating privileges via suid vulnerabilities
- From: "John McGuire" <jmcguire81@xxxxxxxxx>
- Date: Sun, 25 Feb 2007 10:18:43 -0700
Thanks, adding setuid() cleared up the issue.
John
On 2/25/07, Michal Zalewski <lcamtuf@xxxxxxxxxxxx> wrote:
On Sat, 24 Feb 2007, John McGuire wrote:
> arr[1] = NULL;
setuid(0);
> execve (arr[0], arr, NULL);
Just add this line there. You are in all likelihood bumping into a
"protection" built into /bin/sh to make attacks marginally more
difficult.
/mz
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
- References:
- question on escalating privileges via suid vulnerabilities
- From: John McGuire
- question on escalating privileges via suid vulnerabilities
- Prev by Date: RE: DNS mapping
- Next by Date: RE: Penetration Testing Framework 0.24 released
- Previous by thread: question on escalating privileges via suid vulnerabilities
- Next by thread: Re: question on escalating privileges via suid vulnerabilities
- Index(es):
