Why SUID Binary exploit does not yield root shell?
From: Kryptik Logik (kryptiklogik@hushmail.com)
Date: 03/08/03
- Previous message: Adam Gilmore: "RE: xscreensaver exploit for Redhat 7.3"
- Next in thread: Shaun Clowes: "Re: Why SUID Binary exploit does not yield root shell?"
- Reply: Shaun Clowes: "Re: Why SUID Binary exploit does not yield root shell?"
- Reply: buzzdee: "Re: Why SUID Binary exploit does not yield root shell?"
- Reply: Brian Hatch: "Re: Why SUID Binary exploit does not yield root shell?"
- Reply: tony@777h.org: "Re: Why SUID Binary exploit does not yield root shell?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 8 Mar 2003 20:40:17 -0000 From: Kryptik Logik <kryptiklogik@hushmail.com> To: vuln-dev@securityfocus.com('binary' encoding is not supported, stored as-is)
Folks:
I've managed to find a buffer overflow and exploit it to exeve a /bin/sh
using my payload shellcode. However, whenever I run my exploit, I do get a
shell but just that it is an ordinary shell under my account (as id would
indicate).
The binary that I've exploited is suid bit set so theoretically shouldn't
it create a root shell? I've tested my exploit on a small sample
vulnerable program that I wrote with the exact same permissions as the
binary in the system and I could get a root shell!
What is the magic here (if any)?
Thankx in advance,
# klogik
- Previous message: Adam Gilmore: "RE: xscreensaver exploit for Redhat 7.3"
- Next in thread: Shaun Clowes: "Re: Why SUID Binary exploit does not yield root shell?"
- Reply: Shaun Clowes: "Re: Why SUID Binary exploit does not yield root shell?"
- Reply: buzzdee: "Re: Why SUID Binary exploit does not yield root shell?"
- Reply: Brian Hatch: "Re: Why SUID Binary exploit does not yield root shell?"
- Reply: tony@777h.org: "Re: Why SUID Binary exploit does not yield root shell?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
