Re: Why SUID Binary exploit does not yield root shell?

Brian Hatch <vuln-dev@ifokr.org> writes:

>> I've managed to find a buffer overflow and exploit it to exeve a /bin/sh

That's true, but in this case he also tried with another buggy suid binary (at least that's what he said) and it _did_ work. If it were a bash protection technique, none of the buggy binaries could have given a root shell.

> Instead of using /bin/sh during your test, try /usr/bin/id just to

That is actually the only way I know to get a root bash prompt with the last bash versions

>
> Compile, install, and call that instead. You should probably just

csh isn't actually an unpleasant shell :)

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

> or any pretty much other shell-like program.

-- 
Andres Roldan 
CSO, Fluidsignal Group S.A.