Automatic root login
Peter da Silva
peter at graffiti.UUCP
Wed Nov 27 11:43:42 AEST 1985
> Also, since correct setuid programs are difficult to write, you must
> now worry not only about setuid-root programs but also setuid-priv
> programs (where "priv" is any user in the privileged class). A
> buggy setuid-priv program might be exploited to obtain a setuid-priv
> shell which could then be used to obtain root.
This is not the case. When you run a setuid program while you are setuid-ed
to someone else, it thinks you have your original uid, not whomever you have
setuid to. To demostrate this, try to perform an rmdir on someone's empty
directory while you are setuid to them. This is either a bug or a feature
depending on your perspective.
--
Name: Peter da Silva
Graphic: `-_-'
UUCP: ...!shell!{graffiti,baylor}!peter
IAEF: ...!kitty!baylor!peter
More information about the Comp.unix
mailing list