Date: Tue, 23 Oct 2007 14:47:09 -0700 From: Christopher Cowart <ccowart@rescomp.berkeley.edu> To: Adam J Richardson <fatman@crackmonkey.us> Cc: Mayank Jain <mayank@in.niksun.com>, freebsd-questions@freebsd.org Subject: Re: su: not running setuid Message-ID: <20071023214709.GF57955@hal.rescomp.berkeley.edu> In-Reply-To: <471E54E0.5070200@crackmonkey.us> References: <200710221851.48278.mayank@in.niksun.com> <20071022202157.GF57955@hal.rescomp.berkeley.edu> <471E54E0.5070200@crackmonkey.us>
next in thread | previous in thread | raw e-mail | index | archive | help
--+OcHDfVcPO70+1iC Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Oct 23, 2007 at 09:09:04PM +0100, Adam J Richardson wrote: > Christopher Cowart wrote: >> Unless you can find some local privilege escalation exploit, I'm >> thinking you're stuck. You can probably fix it in single-user mode: >> * Reboot >> * Pick single user mode from the boot menu >> * Accept the default shell >> $ fsck -p >> $ mount -u / >> $ mount -a -t ufs >> $ chown root /usr/bin/su >> But if the command above ran to completion, you probably have a mess of >> permissions on your filesystem. You may want to look into rebuilding / >> reinstalling world while you're in single.=20 >=20 > What about going to single user mode and editing /etc/passwd so the "root= "=20 > line has the username "uname"? Or add user "uname" with UID 0? The chown command would have looked up "uname" via libnss and used the numeric UID to alter the filesystem entries. The most you could do here is change the symbolic name for the "uname" user and make the ls -l output look different. Either way, you're stuck with the files on the filesystem not being owned by UID 0. I would highly recommend not mucking with /etc/passwd and letting rebuild world fix things. --=20 Chris Cowart Lead Systems Administrator Network & Infrastructure Services, RSSP-IT UC Berkeley --+OcHDfVcPO70+1iC Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iQIVAwUBRx5r3SPHEDszU3zYAQLp5w//akAqWLdm5pTTIP53S4FAthFKyj+/02+D ibKCpKamYWz4DJLO+NJn2/56ZIJxFopVtE4sMy3TCnmD0ZKaVqedF+q6rrdSQcO0 VXTdVn2QeehNdCZoBzfnPTgxZ43LdxT/wxe43OcT7c1yb9gI5UALQtvfymTSTISG fLMBmqXi/xBQgz+R+JFBQIMNj0HJCt2N0QhqJVwQZggJgjtZVA6SdfFJtjB+WqsT 4S+Hg+rqUariKjxErXOb/NnxZ4Fwd0oYTNCARYpUYl+UZbBWlUCvAYN72rlXVCkA 8Pil82EGcv9XoVt+vYp/qHyKz/U+Hie5Wl5CpxiRx2zyFr15ShokNsOZKVG0wzyu gkQXY7qtIxoQTWwkiTw0niSp/YbSyU9sQqC848sRP14BgVX00lNMPeW/HF1ZmFV1 6ilQfkCpcVXANUZeNEX3igV6lzHOtKG9dcSCWGQx3CisoCwvhmkt5BXvdn6ld9zk 6uN3eCQIB5tXF/U7rzQ1mZCKTqOTyAflgseqncqk9WmlHkUh1N2Ip4HSon3dBPAQ ZhoFNYI8HFnCK/kyYtkJg2E1jpWgpVs8tMGbq7EVN6VxgE029wqMjIsRhnRy7gDm py9TUfE5wadt+KIXcXl7tQajfVGkaVsy5Z/JXIy6Tfzk843P3fHGdq+3QRGeEgqV O/NRD4qAH/U= =MnPW -----END PGP SIGNATURE----- --+OcHDfVcPO70+1iC--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071023214709.GF57955>