From owner-freebsd-security  Thu Jul 12 10:37:23 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.epylon.com (sf-gw.epylon.com [63.93.9.98])
	by hub.freebsd.org (Postfix) with ESMTP id 4DD1D37B401
	for <security@FreeBSD.ORG>; Thu, 12 Jul 2001 10:37:19 -0700 (PDT)
	(envelope-from jdicioccio@epylon.com)
Received: by goofy.epylon.lan with Internet Mail Service (5.5.2653.19)
	id <3SVWDA9Z>; Thu, 12 Jul 2001 10:37:18 -0700
Message-ID: <657B20E93E93D4118F9700D0B73CE3EA02FFEFB9@goofy.epylon.lan>
From: Jason DiCioccio <jdicioccio@epylon.com>
To: 'Przemyslaw Frasunek' <venglin@freebsd.lublin.pl>,
	Jason DiCioccio <geniusj@bluenugget.net>,
	Matjaz Martincic <matjaz.martincic@hermes.si>, security@FreeBSD.ORG
Subject: RE: FreeBSD 4.3 local root
Date: Thu, 12 Jul 2001 10:37:10 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Try naming it a.out, it sure didnt work for me that way..


- -------
Jason DiCioccio
Evil Genius
Unix BOFH
- -----Original Message-----
From: Przemyslaw Frasunek [mailto:venglin@freebsd.lublin.pl]
Sent: Thursday, July 12, 2001 8:59 AM
To: Jason DiCioccio; Matjaz Martincic; security@FreeBSD.ORG
Subject: Re: FreeBSD 4.3 local root


> The binary must be named vv..
> Name the binary 'vv' and try again

No, because argv[0] is exec()ed:

  if(!execle(av[0],"vv",NULL,environ))
[...]

riget:venglin:~> cc -o dupa vvfreebsd.c
riget:venglin:~> ./dupa
vvfreebsd. Written by Georgi Guninski
shall jump to bfbffe72
child=81380
Password:done

# id
uid=0(root) gid=1001(users) groups=1001(users), 99(rexec)

- -- 
* Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL:
PMF9-RIPE *
* Inet: przemyslaw@frasunek.com ** PGP:
D48684904685DF43EA93AFA13BE170BF *


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBO03hH1CmU62pemyaEQIriQCg4bfyj3snwfqLbUFJbM0qDrfH7GcAoL7Z
xMkdpyQJ4BpdJUGL61rbBAjz
=aolt
-----END PGP SIGNATURE-----

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message