[204] in bugtraq

home help back first fref pref prev next nref lref last post

Re: Setuid programs run from shell scripts?

daemon@ATHENA.MIT.EDU (Julian Assange)
Thu Nov 17 15:15:17 1994

Date: Fri, 18 Nov 1994 03:59:19 +0100
From: Julian Assange <proff@suburbia.apana.org.au>
To: Fred Blonder <fred@nasirc.hq.nasa.gov>
Cc: karl@bagpuss.demon.co.uk, Quentin.Fennessy@sematech.org,
        fred@nasirc.hq.nasa.gov, mcn@c3serve.c3.lanl.gov, bugtraq@fc.net
In-Reply-To: <199411171611.LAA04177@nasirc.hq.nasa.gov>



On Thu, 17 Nov 1994, Fred Blonder wrote:

> 	From: Julian Assange <proff@suburbia.apana.org.au>
> 
> 		.
> 		.
> 		.
> 
> 	Of course, to make things really interesting, we could have n files, 
> 	comprised of n-1 setuid/setgid scripts and 1 setuid/setgid binary, with 
> 	each script calling the next as its #! argument and the last calling the 
> 	binary. ;-)
> 
> The '#!' exec-hack does not work recursively.  I just tried it under SunOs 4.1.3
> It generated no diagnostics and exited with status 0, but it also didn't execute
> the target binary.
> 

#include <stdio.h>
main(int c, char **v)
{
        char s[255];
        FILE *fh; 
        int n=atoi(v[1]); 
        while (n--)
        {
                sprintf(s, "f%d", n);  
                fh=fopen(s, "w"); 
                fprintf(fh, "#!f%d", n+1); 
                fchmod(fileno(fh), 0700); 
                fclose(fh); 
        }
} 

Does under linux (300 deep at least). However, linux doesn't permit suid
scripts in anyvent. Other platforms I have not as yet tested. 

Proff

home help back first fref pref prev next nref lref last post