Re: Why SUID Binary exploit does not yield root shell?

From: buzzdee (reitenba@fh-brandenburg.de)
Date: Sun Mar 09 2003 - 01:26:09 PST

Next message: helmut schmidt: "Windows Shellcode - Using Detached_Process flag"

Previous message: Shaun Clowes: "Re: Why SUID Binary exploit does not yield root shell?"
In reply to: Kryptik Logik: "Why SUID Binary exploit does not yield root shell?"
Next in thread: Brian Hatch: "Re: Why SUID Binary exploit does not yield root shell?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Am Samstag, 8. März 2003 21:40 schrieb Kryptik Logik:
> Folks:
>
> I've managed to find a buffer overflow and exploit it to exeve a /bin/sh
> using my payload shellcode. However, whenever I run my exploit, I do get a
> shell but just that it is an ordinary shell under my account (as id would
> indicate).
>
> The binary that I've exploited is suid bit set so theoretically shouldn't
> it create a root shell? I've tested my exploit on a small sample
> vulnerable program that I wrote with the exact same permissions as the
> binary in the system and I could get a root shell!
>
maybe the partition, on which your suid program is located is mounted with the 
nosuid parameter? 

<greetz>

Next message: helmut schmidt: "Windows Shellcode - Using Detached_Process flag"
Previous message: Shaun Clowes: "Re: Why SUID Binary exploit does not yield root shell?"
In reply to: Kryptik Logik: "Why SUID Binary exploit does not yield root shell?"
Next in thread: Brian Hatch: "Re: Why SUID Binary exploit does not yield root shell?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Mar 09 2003 - 13:35:49 PST