Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Show which processes are listening to which ports' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Show which processes are listening to which ports
Authored by: 97mop on May 07, '07 08:10:29AM

Never use setuid on a shell script! Simply by making a softlink from your script to a file named "-i", anyone can root you. Google it for details, but basically adding #!/bin/sh to the beginning of the file will cause the shell to take the name of the script ($0) and create a new command with /bin/sh and then the name of the script. If the filename of the script is -i, then the command becomes "/bin/sh -i", and your attacker just got an interactive root shell.



[ Reply to This | # ]