Re: Why SUID Binary exploit does not yield root shell?

From: buzzdee (reitenba@fh-brandenburg.de)
Date: 03/09/03

  • Next message: helmut schmidt: "Windows Shellcode - Using Detached_Process flag"
    From: buzzdee <reitenba@fh-brandenburg.de>
    To: vuln-dev@securityfocus.com
    Date: Sun, 9 Mar 2003 10:26:09 +0100
    
    

    Am Samstag, 8. März 2003 21:40 schrieb Kryptik Logik:
    > Folks:
    >
    > I've managed to find a buffer overflow and exploit it to exeve a /bin/sh
    > using my payload shellcode. However, whenever I run my exploit, I do get a
    > shell but just that it is an ordinary shell under my account (as id would
    > indicate).
    >
    > The binary that I've exploited is suid bit set so theoretically shouldn't
    > it create a root shell? I've tested my exploit on a small sample
    > vulnerable program that I wrote with the exact same permissions as the
    > binary in the system and I could get a root shell!
    >
    maybe the partition, on which your suid program is located is mounted with the
    nosuid parameter?

    <greetz>


  • Next message: helmut schmidt: "Windows Shellcode - Using Detached_Process flag"