Date: Sun, 11 Dec 2005 09:30:06 GMT
From: Maxim Konovalov <maxim@macomnet.ru>
To: freebsd-bugs@FreeBSD.org
Subject: Re: bin/90228: lokal rooting
Message-ID: <200512110930.jBB9U6N6058152@freefall.freebsd.org>

The following reply was made to PR bin/90228; it has been noted by GNATS.

From: Maxim Konovalov <maxim@macomnet.ru>
To: Ph03n1X <king_purba@yahoo.co.uk>
Cc: bug-followup@freebsd.org
Subject: Re: bin/90228: lokal rooting
Date: Sun, 11 Dec 2005 12:27:02 +0300 (MSK)

On Sun, 11 Dec 2005, 09:08-0000, Ph03n1X wrote:

>
> >Number: 90228
> >Category: bin
> >Synopsis: lokal rooting
> >Confidential: no
> >Severity: critical
> >Priority: high
> >Responsible: freebsd-bugs
> >State: open
> >Quarter:
> >Keywords:
> >Date-Required:
> >Class: sw-bug
> >Submitter-Id: current-users
> >Arrival-Date: Sun Dec 11 09:10:03 GMT 2005
> >Closed-Date:
> >Last-Modified:
> >Originator: Ph03n1X
> >Release: 6.0 releses
> >Organization:
> nightlogin gadjah mada university
> >Environment:
> FreeBSD student.te.ugm.ac.id 6.0-RELEASE FreeBSD 6.0-RELEASE #0: Thu Nov 3 09:36:13 UTC 2005 root@x64.samsco.home:/usr/obj/usr/src/sys/GENERIC i386
>
> >Description:
> This is the vulnerability description :
>
> $cat tes.c
> main()
> {
> setuid(0);
> setgid(0);
> system("/bin/sh");
> }
> $su -
> Password:
> #gcc -o tes tes.c
> #chmod +s tes
> #exit
> $id
> uid=1228(shelda03) gid=1228(shelda03) groups=1228(shelda03)
> $./tes
> #id
> uid=0(root) gid=0(wheel) groups=0(wheel), 1228(shelda03)
>
> >How-To-Repeat:
> I don't know
> >Fix:
> I don't know

chmod -s tes

-- 
Maxim Konovalov
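
An added example, not part of the original message or of FreeBSD: in the transcript above, tes runs as root only because root compiled it and ran chmod +s on it, and the reply clears that bit. The sketch below audits a tree for setuid/setgid files that are missing from an allowlist and strips the bits from them; the function names and the allowlist file (one path per line) are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example: find set-id files like the "tes" binary from the report
# and clear the bits, as the reply's "chmod -s tes" does for one file.
# Assumption: file names contain no newlines.

# list_suid DIR
#   Print every regular file under DIR that has the setuid (4000) or
#   setgid (2000) bit set, without crossing into other file systems.
list_suid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# unexpected_suid DIR ALLOWLIST
#   Print set-id files under DIR whose exact path is not in ALLOWLIST.
#   grep exits 1 when nothing is left over, so that status is masked.
unexpected_suid() {
    list_suid "$1" | grep -Fxv -f "$2" || true
}

# strip_unexpected DIR ALLOWLIST
#   Clear setuid and setgid on every unexpected file and report each one.
#   "chmod ug-s" clears the same two bits as "chmod -s".
strip_unexpected() {
    unexpected_suid "$1" "$2" | while IFS= read -r f; do
        chmod ug-s "$f" && printf 'stripped set-id bits: %s\n' "$f"
    done
}

# Stand-alone use: audit-suid.sh DIR ALLOWLIST   (report only, no changes)
if [ "$#" -ge 2 ]; then
    unexpected_suid "$1" "$2"
fi
```
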