Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Security hole in Confixx backup script

From: Valdis.Kletnieks () vt edu
Date: Tue, 10 Aug 2004 14:02:19 -0400
On Tue, 10 Aug 2004 17:16:43 +0200, Thomas Loch said:

What would I have to do then? (excuse my lack of knowledge, please)


'man cp' and 'man chmod'.  Given cp and chmod and initial access to the
ability to run commands as a suitable user, a set-UID bash is achievable...

(Note that you end up with a bash set-UID to the userid you do it under - that DOES
matter...)

Attachment: _bin
Description:

Previous By Date Next
Previous By Thread Next

Current thread: