Date: Sun, 11 Dec 2005 09:30:06 GMT
Message-Id: <200512110930.jBB9U6N6058152@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Maxim Konovalov
Subject: Re: bin/90228: lokal rooting

The following reply was made to PR bin/90228; it has been noted by GNATS.

From: Maxim Konovalov
To: Ph03n1X
Cc: bug-followup@freebsd.org
Subject: Re: bin/90228: lokal rooting
Date: Sun, 11 Dec 2005 12:27:02 +0300 (MSK)

On Sun, 11 Dec 2005, 09:08-0000, Ph03n1X wrote:

>
> >Number: 90228
> >Category: bin
> >Synopsis: lokal rooting
> >Confidential: no
> >Severity: critical
> >Priority: high
> >Responsible: freebsd-bugs
> >State: open
> >Quarter:
> >Keywords:
> >Date-Required:
> >Class: sw-bug
> >Submitter-Id: current-users
> >Arrival-Date: Sun Dec 11 09:10:03 GMT 2005
> >Closed-Date:
> >Last-Modified:
> >Originator: Ph03n1X
> >Release: 6.0 releses
> >Organization:
> nightlogin gadjah mada university
> >Environment:
> FreeBSD student.te.ugm.ac.id 6.0-RELEASE FreeBSD 6.0-RELEASE #0: Thu Nov 3 09:36:13 UTC 2005 root@x64.samsco.home:/usr/obj/usr/src/sys/GENERIC i386
>
> >Description:
> This is the vulnerability description:
>
> $cat tes.c
> main()
> {
> setuid(0);
> setgid(0);
> system("/bin/sh");
> }
> $su -
> Password:
> #gcc -o tes tes.c
> #chmod +s tes
> #exit
> $id
> uid=1228(shelda03) gid=1228(shelda03) groups=1228(shelda03)
> $./tes
> #id
> uid=0(root) gid=0(wheel) groups=0(wheel), 1228(shelda03)
>
> >How-To-Repeat:
> I don't know
> >Fix:
> I don't know

chmod -s tes

--
Maxim Konovalov
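
The session in the PR depends on root having run `chmod +s` on the binary, and the reply undoes that with `chmod -s`. As an added example (not part of the original thread), the shell functions below audit a directory tree for setuid/setgid files that are not on an allowlist and clear the bits on a given file. The function names and the one-path-per-line allowlist format are assumptions made for this example.

```shell
#!/bin/sh
# Added example: find setuid/setgid files that nobody expects to be there
# (such as the "tes" binary in the PR) and clear the bits as the reply does.

# list_setid DIR
# Print every regular file under DIR that has the setuid or setgid bit set.
# -xdev keeps the walk on one filesystem.
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# unexpected_setid DIR ALLOWLIST
# Print set-id files under DIR whose path is not in ALLOWLIST.
# ALLOWLIST holds one path per line (format assumed for this example).
unexpected_setid() {
    list_setid "$1" | while IFS= read -r path; do
        # -F fixed string, -x whole line, -q quiet: exact path match only
        grep -Fxq -- "$path" "$2" || printf '%s\n' "$path"
    done
}

# clear_setid FILE
# Remove setuid and setgid from FILE; "ug-s" is the explicit form of the
# "chmod -s" given in the reply. Returns 0 only if both bits are gone.
clear_setid() {
    chmod ug-s "$1" || return 1
    [ ! -u "$1" ] && [ ! -g "$1" ]
}

# Run as a script: audit DIR against ALLOWLIST and print the findings.
if [ "$#" -eq 2 ]; then
    unexpected_setid "$1" "$2"
fi
```

Invoked as a script with a directory and an allowlist file, it prints one unexpected path per line; an empty result means every set-id file found is on the list.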