Stephen wrote:
> Oh, and by the way, my /bin/bash isn't suid root. Feel free to buffer
> overflow and exploit it all you like. You shouldn't be able to get root access
> from it. If you can, Linux is broken and should be fixed.
Stephen, Andre is actually referring to a valid class of exploits there (there
are valid exploits to /bin/bash).
An old example was putting shellcode in a long pathname, creating a symlink to it
and tricking root to cd into it. But that's not the specific style he's
referring to obviously - that style usually lets you trigger off a shell script
and through that achieve the creation of a SUID root shell.
I'm just not sure exactly what he means by "shellstack memory push". Certainly not
a term I recall coming across, and in fact reputable security references and
search engines return no match.
David.
-- ---------------------------------------------- David Luyer Senior Network Engineer Pacific Internet (Aust) Pty Ltd Phone: +61 3 9674 7525 Fax: +61 3 9699 8693 Mobile: +61 4 1064 2258, +61 4 1114 2258 http://www.pacific.net.au NASDAQ: PCNTF << fast 'n easy >> ----------------------------------------------- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Jul 23 2000 - 21:00:17 EST