Full Disclosure mailing list archives
Re: Security hole in Confixx backup script
From: Valdis.Kletnieks () vt edu
Date: Tue, 10 Aug 2004 14:02:19 -0400
On Tue, 10 Aug 2004 17:16:43 +0200, Thomas Loch said:
What would I have to do then? (excuse my lack of knowledge, please)
'man cp' and 'man chmod'. Given cp and chmod and initial access to the ability to run commands as a suitable user, a set-UID bash is achievable... (Note that you end up with a bash set-UID to the userid you do it under - that DOES matter...)
Attachment:
_bin
Description:
Current thread:
- Re: Security hole in Confixx backup script Dirk Pirschel (Aug 02)
- Re: Security hole in Confixx backup script Dirk Pirschel (Aug 09)
- Re: Security hole in Confixx backup script Thomas Loch (Aug 09)
- Re: Security hole in Confixx backup script Valdis . Kletnieks (Aug 09)
- Re: Security hole in Confixx backup script Dirk Pirschel (Aug 10)
- Re: Security hole in Confixx backup script Valdis . Kletnieks (Aug 10)
- Re: Security hole in Confixx backup script Thomas Loch (Aug 10)
- Re: Security hole in Confixx backup script Valdis . Kletnieks (Aug 10)
- Re: Security hole in Confixx backup script Thomas Loch (Aug 09)
- Re: Security hole in Confixx backup script Dirk Pirschel (Aug 10)
- RE: Security hole in Confixx backup script Aditya, ALD [Aditya Lalit Deshmukh] (Aug 10)
- Re: Security hole in Confixx backup script Dirk Pirschel (Aug 09)
- Re: Security hole in Confixx backup script Dirk Pirschel (Aug 13)