Potential warning: 10.3.9 disables SUID/SGID flag
Allowing setuid scripts is extremely dangerous. Look at the following session
What is happening here? I'm logged in as jeremyp and although I'm using 10.3.9 I have the flag set that disables the new behaviour. In the directory I have a file called foo.txt which is owned by root and not writeable by me (jeremyp). There is also a root setuid script which I am going to use to compromise foo.txt. Assume somebody else set both of these up.

I cat the setuid script looking for a suitable command to attack and find it makes use of ls, so I set my path to look in . first and create an alternative version of ls that performs my skulduggery. Then I run the setuid script and hey presto, the read-only file is hacked.

Obviously, in real life I could and should defensively program the setuid script so that it is not vulnerable, but there may be other less obvious holes. At University, for instance, we discovered that, in BSD 4.2 sh, if you changed the IFS variable to contain a "p", the word "export" looked like "ex ort", which meant that virtually any script you could name, setuid or otherwise, started with an invocation of a text editor. In a root setuid script that meant you had the ability to write to any file you like on the system.

Edit: Added line break...
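An added example, not part of the original comment: a sketch of the defensive programming the comment mentions, for a privileged shell script. The function names `unsafe_path_entries` and `harden_env` and the fixed PATH value are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original comment). Function names and the
# fixed PATH value below are assumptions for illustration.

# unsafe_path_entries PATHSTRING
# Prints every entry the shell would resolve relative to the current
# directory: an empty entry, ".", or any entry not starting with "/".
# Exit status 0 means the path is clean, 1 means something was flagged.
# The body runs in a subshell, so the IFS and noglob changes do not leak.
unsafe_path_entries() (
    p=$1
    rc=0
    # A leading, trailing, doubled, or lone ":" is an empty entry, which
    # the shell treats as the current directory.
    case $p in
        ''|:*|*:|*::*) echo "(empty entry = current directory)"; rc=1 ;;
    esac
    IFS=:
    set -f
    for entry in $p; do
        case $entry in
            '') ;;                      # already reported above
            /*) ;;                      # absolute directory: acceptable
            *)  echo "$entry"; rc=1 ;;  # "." or any other relative entry
        esac
    done
    [ "$rc" -eq 0 ]
)

# harden_env
# Preamble for a script that runs with more privilege than its caller:
# replace the inherited search path with a fixed one and discard any
# inherited field separator or startup-file variables.
harden_env() {
    PATH=/usr/bin:/bin:/usr/sbin:/sbin
    export PATH
    unset IFS ENV BASH_ENV CDPATH   # unset IFS means default splitting
}

# Constructed sample: the kind of search path described in the comment.
unsafe_path_entries ".:/usr/bin:/bin" ||
    echo "search path contains current-directory entries"
```

Calling external commands by absolute path (for example `/bin/ls` rather than `ls`) removes the dependence on PATH altogether and is worth doing in addition to the preamble.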
Copyright © 2014 IDG Consumer & SMB. All trademarks and copyrights on this page are owned by their respective owners.