T. Freak wrote:
>
> While a buffer overflow is blatantly obvious in the code, I don't think it
> is very dangerous. Observe.
>
> (exploit attempt)
> sh-2.01$ id
> uid=1000(tfreak) gid=1000(tfreak) groups=1000(tfreak),0(root),4(adm),7(lp),24(cdrom),25(floppy),31(majordom),69(geek)
> sh-2.01$

The version of bash you are running is the key here... 2.01 renounces setuid/setgid privs when called as "sh", e.g., system() within a program, unless the "-p" flag is passed. See the "NOTES" file in the root directory of the bash-2.01.1 distribution for details.

--
Bob Tracy     | "Eagles may soar, but weasels don't get
AFIWC/TIPER   |  sucked into jet engines."
rctat_private |                                 --Anon
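The point Bob makes is that the shell bash 2.01 installs as "sh" quietly resets its uid/gid to the real ids whenever they differ from the effective ones, unless it is started with -p, which is why the exploit attempt above landed in an unprivileged shell. A setuid program should not rely on which /bin/sh happens to be installed; it should drop privileges itself before calling system() and verify that the drop took effect. The C program below is an added example illustrating that defensive pattern; it is not code from either poster or from the bash distribution, and it assumes only POSIX setuid()/setgid() semantics (the function names drop_privileges and is_setid are my own).

```c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>

/* Permanently drop any set-user-ID / set-group-ID privilege before handing
 * control to a shell via system().  Returns 0 on success, -1 on failure.
 * Bash 2.01 (as noted in the thread) already resets the ids when invoked as
 * "sh" without -p, but a setuid program should not depend on that: it should
 * drop privilege itself and check the result. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    /* Order matters: give up the group first, while the effective uid may
     * still be 0, because an unprivileged uid cannot change its gid. */
    if (setgid(rgid) != 0)
        return -1;
    if (setuid(ruid) != 0)
        return -1;

    /* Verify: effective ids must now equal the real ids ... */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    /* ... and a non-root caller must no longer be able to regain root.
     * If setuid(0) succeeds here, the drop was not permanent. */
    if (ruid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* 1 if this process currently runs with set-id (elevated) privilege,
 * i.e. real and effective ids differ; 0 otherwise. */
int is_setid(void)
{
    return (getuid() != geteuid() || getgid() != getegid()) ? 1 : 0;
}

int main(void)
{
    printf("before: uid=%d euid=%d setid=%d\n",
           (int)getuid(), (int)geteuid(), is_setid());

    if (drop_privileges() != 0) {
        perror("drop_privileges");
        return 1;
    }

    printf("after:  uid=%d euid=%d setid=%d\n",
           (int)getuid(), (int)geteuid(), is_setid());

    /* Whatever /bin/sh is, the child now inherits only the real user's ids. */
    return system("id") == 0 ? 0 : 1;
}
```

Run as an ordinary user the program simply confirms that the ids already match; installed set-uid root, the "after" line and the output of id show the real user's ids, independent of whether the system shell is bash 2.01 with its own safeguard or some other shell that keeps the effective ids.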
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:45:51 PDT