On Sat, 22 Jul 2000, David Luyer wrote:
> Stephen wrote:
> > Oh, and by the way, my /bin/bash isn't suid root. Feel free to buffer
> > overflow and exploit it all you like. You shouldn't be able to get root access
> > from it. If you can, Linux is broken and should be fixed.
>
> Stephen, Andre is actually referring to a valid class of exploits there (there
> are valid exploits to /bin/bash).
>
> An old example was putting shellcode in a long pathname, creating a symlink to it
> and tricking root to cd into it. But that's not the specific style he's
> referring to obviously - that style usually lets you trigger off a shell script
> and through that achieve the creation of a SUID root shell.
>
> I'm just not sure exactly what he means by "shellstack memory push". Certainly not
> a term I recall coming across, and in fact reputable security references and
> search engines return no match.
>
David,
First thank you and an apology is extended for earlier comment.
I think this is the same but you leave and let it cook.
I only know that the code is small and have been told that this can be
done.
Respectfully,
Andre Hedrick
The Linux ATA/IDE guy
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Jul 23 2000 - 21:00:17 EST