From owner-freebsd-security Tue Jun 10 14:39:02 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id OAA05287 for security-outgoing; Tue, 10 Jun 1997 14:39:02 -0700 (PDT) Received: from delsol.sunfire.net (root@delsol.sunfire.net [199.224.7.165]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id OAA05258 for ; Tue, 10 Jun 1997 14:38:50 -0700 (PDT) Received: from localhost (afurman@localhost) by delsol.sunfire.net (8.8.5/8.6.12) with SMTP id RAA09533; Tue, 10 Jun 1997 17:38:12 -0400 (EDT) Date: Tue, 10 Jun 1997 17:38:12 -0400 (EDT) From: Adam Furman To: Ollivier Robert cc: freebsd-security@FreeBSD.ORG Subject: Re: suid exploit (??) In-Reply-To: <19970610214001.05348@keltia.freenix.fr> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk I also tried to run this script and the same thing was true for me. It had to be setuid root for it to work correctly. Adam Adam Furman Assistant System Administrator of United Computer Specialists afurman@amf.net Irc Admin of irc.ucs.net On Tue, 10 Jun 1997, Ollivier Robert wrote: > According to Yuang Shuang-Long: > > I have a trouble that some users use the following prog. to get > > root privilege, and the more they do some destructive thing. (eg. > > delete some file /var/log/* :-( ) I need your help... > > I'm afraid I don't see how they can get root privs with this unless you > have made it setuid root. > > The following lines can't executed only by root to succeed. This is on > 3.0-CURRENT. To my knowledge, setuid/setgid has always been restricted to > root (unless you want to become yourself). > > > if(setgid(pw->pw_gid) == -1) > > perror("setgid"); > > if(setuid(pw->pw_uid) == -1) > > perror("setuid"); > > -- > Ollivier ROBERT -=- FreeBSD: There are no limits -=- roberto@keltia.freenix.fr > FreeBSD keltia.freenix.fr 3.0-CURRENT #18: Sun Jun 8 15:32:28 CEST 1997 >