Why SUID Binary exploit does not yield root shell?

From: Kryptik Logik (kryptiklogik@hushmail.com)
Date: 03/08/03

  • Next message: Shaun Clowes: "Re: Why SUID Binary exploit does not yield root shell?"
    Date: 8 Mar 2003 20:40:17 -0000
    From: Kryptik Logik <kryptiklogik@hushmail.com>
    To: vuln-dev@securityfocus.com
    
    
    ('binary' encoding is not supported, stored as-is)

    Folks:

    I've managed to find a buffer overflow and exploit it to exeve a /bin/sh
    using my payload shellcode. However, whenever I run my exploit, I do get a
    shell but just that it is an ordinary shell under my account (as id would
    indicate).

    The binary that I've exploited is suid bit set so theoretically shouldn't
    it create a root shell? I've tested my exploit on a small sample
    vulnerable program that I wrote with the exact same permissions as the
    binary in the system and I could get a root shell!

    What is the magic here (if any)?

    Thankx in advance,

    # klogik


  • Next message: Shaun Clowes: "Re: Why SUID Binary exploit does not yield root shell?"