On Sat, 22 Jul 2000, David Luyer wrote:
> Stephen wrote:
> > Oh, and by the way, my /bin/bash isn't suid root. Feel free to buffer
> > overflow and exploit it all you like. You shouldn't be able to get root access
> > from it. If you can, Linux is broken and should be fixed.
>
> Stephen, Andre is actually referring to a valid class of exploits there (there
> are valid exploits to /bin/bash).
To gain root access?
> An old example was putting shellcode in a long pathname, creating a symlink to it
> and tricking root to cd into it. But that's not the specific style he's
> referring to obviously - that style usually lets you trigger off a shell script
> and through that achieve the creation of a SUID root shell.
Such things likely would fall under 'stupid admin' issues.
> I'm just not sure exactly what he means by "shellstack memory push". Certainly not
> a term I recall coming across, and in fact reputable security references and
> search engines return no match.
Hopefully at some point we'll actually get some useful information.
Stephen
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Jul 23 2000 - 21:00:17 EST