Re: Root permission over the internet

From: Ian Jones (roux@attbi.com)
Date: 05/23/02


From: Ian Jones <roux@attbi.com>
Date: Thu, 23 May 2002 00:46:14 GMT


"News" <lloydm@totalise.co.uk_nospam> writes:

> [trm@trm-fw cgi-bin]$ perl whoami.pl
> uid=500(trm) gid=500(trm) groups=500(trm)
>
> <chmod 6755 logged in as root>
>
> [trm@trm-fw cgi-bin]$ perl whoami.pl
> uid=500(trm) gid=500(trm) euid=0(root) egid=0(root) groups=500(trm)
> [trm@trm-fw cgi-bin]$
>
> /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
>
> I'm no Redhat expert but it works.........

Ahhh, but you see what you did there, right? Your suid script means
nothing without the suid perl interpreter you called. As I said, the
Linux kernel will not respect suid permissions on an interpreted
script.

Perhaps this is just stupid semantics to you, but it is
important.

BTW, it has nothing to do with the distribution you use.

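
Added example, not part of the original post: a Python audit that separates the two cases the reply distinguishes, setuid/setgid bits on a `#!` script (which the Linux kernel ignores on its own) and setuid/setgid bits on an interpreter binary. The function names and the `INTERPRETERS` name list are assumptions made for illustration.

```python
import os
import stat
import sys

# Illustrative list (an assumption): base names of interpreters worth flagging.
INTERPRETERS = {"perl", "sperl", "suidperl", "python", "ruby", "sh", "bash"}
SUID_SGID = stat.S_ISUID | stat.S_ISGID

def classify(path):
    """Return None when no setuid/setgid bit is set, else (kind, detail)."""
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode) or not st.st_mode & SUID_SGID:
        return None
    try:
        with open(path, "rb") as fh:
            head = fh.read(256)
    except OSError:
        return ("unreadable", "")
    if head.startswith(b"#!"):
        # Linux execs the interpreter named here and ignores the script's own
        # setuid/setgid bits; they take effect only via a setuid interpreter.
        fields = head[2:].split(b"\n", 1)[0].split()
        return ("script", fields[0].decode(errors="replace") if fields else "")
    if head.startswith(b"\x7fELF"):
        # Strip a trailing version such as "5.6.1" before the name lookup.
        base = os.path.basename(path).rstrip("0123456789.")
        return ("interpreter" if base in INTERPRETERS else "binary", "")
    return ("other", "")

def audit(root):
    """Walk root and return sorted (relative path, kind, detail) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                result = classify(path)
            except OSError:
                continue
            if result:
                findings.append((os.path.relpath(path, root),) + result)
    return sorted(findings)

if __name__ == "__main__":
    for rel, kind, detail in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{kind:12} {rel} {detail}")
```

A `script` finding is only as dangerous as the interpreter it names, so review it together with any `interpreter` finding on the same host.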