[963] in bugtraq


Re: SUID shell scripts, questions?

daemon@ATHENA.MIT.EDU (Greg Woods)
Fri Feb 10 20:41:51 1995

To: elfchief@lupine.org (That Whispering Wolf...)
Date: Fri, 10 Feb 95 17:23:11 MST
Cc: bugtraq@fc.net
In-Reply-To: <199502101901.AA21735@lupine.org>; from "That Whispering Wolf..." at Feb 10, 95 2:01 pm
From: woods@ncar.ucar.edu (Greg Woods)

> Since starting the shell can take
> a finite amount of time, there's a race condition where you can substitute
> in a different file for the one that originally spawned the shell.

Or you can just create a symlink to a setuid script called "-i". Guess
what happens when the system executes "sh -i"? Don't even need the
race condition. And even without this, you could always overwrite the
SAME file with something new, so the fd doesn't change.

--Greg
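
The two conditions this message describes, a set-id script on disk and a symlink with a leading-dash name that points at a set-id file, can be audited for. The shell functions below are an added example, not part of the original post; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original message): audit a directory tree for
# set-id interpreter scripts and for dash-named symlinks that resolve to
# set-id files. Function names are hypothetical, chosen for this example.

# Print each regular file with the setuid or setgid bit whose first two
# bytes are "#!" (hex 23 21), i.e. a set-id script run via an interpreter.
find_setid_scripts() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -exec sh -c '
        for f do
            # Read the magic as hex so binary files with NUL bytes are safe.
            magic=$(dd if="$f" bs=2 count=1 2>/dev/null |
                    od -An -tx1 | tr -d " \n")
            if [ "$magic" = "2321" ]; then printf "%s\n" "$f"; fi
        done' sh {} + 2>/dev/null
}

# Print each symlink whose name begins with "-" and whose target carries
# the setuid or setgid bit ([ -u ] and [ -g ] follow the link).
find_dash_links() {
    find "$1" -xdev -type l -name '-*' -exec sh -c '
        for l do
            if [ -u "$l" ] || [ -g "$l" ]; then printf "%s\n" "$l"; fi
        done' sh {} + 2>/dev/null
}

# Stand-alone use: pass the directory to audit as the first argument.
if [ "$#" -gt 0 ]; then
    echo "set-id scripts:"
    find_setid_scripts "$1"
    echo "dash-named symlinks to set-id files:"
    find_dash_links "$1"
fi
```

Any path reported by `find_setid_scripts` is a candidate for replacement with a compiled wrapper or a sudo rule, which removes the interpreter start-up step the thread is discussing.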
