Date: Sat, 3 Mar 2001 16:47:21 -0800 (PST) From: Dan Phoenix <dphoenix@bravenet.com> To: Chris Costello <chris@calldei.com> Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: easy way to crash freebsd Message-ID: <Pine.BSO.4.21.0103031637150.6427-100000@gandalf.bravenet.com> In-Reply-To: <20010303122419.L2028@holly.calldei.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 3 Mar 2001, Chris Costello wrote: > Date: Sat, 03 Mar 2001 12:24:19 -0600 > From: Chris Costello <chris@calldei.com> > To: Dan Phoenix <dphoenix@bravenet.com> > Cc: freebsd-hackers@FreeBSD.ORG > Subject: Re: easy way to crash freebsd > > On Friday, March 02, 2001, Dan Phoenix wrote: > > People asking me how this could be used as a local user. > > Well i guess if you wanted to you could find something root runs > > that writes to /tmp then umask resolv.conf > > and echo "" > resolv.conf > > Could you expand on this, please? What does finding a root > utility that writes to /tmp have to do with umasking a file? > (I've found it rather difficult to umask files in the past.) > > -- > +-------------------+----------------------------+ > | Chris Costello | I just found the last bug. | > | chris@calldei.com | | > +-------------------+----------------------------+ > Well one one the concepts is to umask 4777 then write as many tmp files to the tmp dir as you can symlinking to say /etc/master.passwd....which would really do nothing i would imagine...symlinking to spwd.db would prob be better. Afterwards you have write perms to the file with whatever root wrote to it. I beleive that is the basic concept....many of these have been fixed. BTW in no way do I promote this....just explaining the concept. [root@elrond dphoenix]# ls /tmp commitlog* elist.log fcsignup.log mysql.sock= screens/ [root@elrond dphoenix]# for me shows this.....I guess in this case you could wait for root to shutdown mysql and link that mysql.sock= to some database you want overwritten. I am not sure if it works the same for socket files. Best to ask one the unix gurus :) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSO.4.21.0103031637150.6427-100000>