From owner-freebsd-security Tue Jun 10 12:52:25 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id MAA27835 for security-outgoing; Tue, 10 Jun 1997 12:52:25 -0700 (PDT) Received: from mexico.brainstorm.eu.org (root@mexico.brainstorm.fr [193.56.58.253]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA27818 for ; Tue, 10 Jun 1997 12:52:18 -0700 (PDT) Received: from brasil.brainstorm.eu.org (brasil.brainstorm.fr [193.56.58.33]) by mexico.brainstorm.eu.org (8.8.4/8.8.4) with ESMTP id VAA08052 for ; Tue, 10 Jun 1997 21:52:10 +0200 Received: (from uucp@localhost) by brasil.brainstorm.eu.org (8.8.4/8.6.12) with UUCP id VAA19849 for freebsd-security@FreeBSD.ORG; Tue, 10 Jun 1997 21:51:47 +0200 Received: (from roberto@localhost) by keltia.freenix.fr (8.8.5/keltia-uucp-2.9) id VAA09694; Tue, 10 Jun 1997 21:40:01 +0200 (CEST) Message-ID: <19970610214001.05348@keltia.freenix.fr> Date: Tue, 10 Jun 1997 21:40:01 +0200 From: Ollivier Robert To: freebsd-security@FreeBSD.ORG Subject: suid exploit (??) References: <199706102254.WAA02221@FreeBSD.cs.nccu.edu.tw> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.67 In-Reply-To: <199706102254.WAA02221@FreeBSD.cs.nccu.edu.tw>; from Yuang Shuang-Long on Tue, Jun 10, 1997 at 10:54:54PM +0000 X-Operating-System: FreeBSD 3.0-CURRENT ctm#3359 AMD-K6 MMX @ 208 MHz Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk According to Yuang Shuang-Long: > I have a trouble that some users use the following prog. to get > root privilege, and the more they do some destructive thing. (eg. > delete some file /var/log/* :-( ) I need your help... I'm afraid I don't see how they can get root privs with this unless you have made it setuid root. The following lines can't executed only by root to succeed. This is on 3.0-CURRENT. To my knowledge, setuid/setgid has always been restricted to root (unless you want to become yourself). > if(setgid(pw->pw_gid) == -1) > perror("setgid"); > if(setuid(pw->pw_uid) == -1) > perror("setuid"); -- Ollivier ROBERT -=- FreeBSD: There are no limits -=- roberto@keltia.freenix.fr FreeBSD keltia.freenix.fr 3.0-CURRENT #18: Sun Jun 8 15:32:28 CEST 1997