On Wednesday 12 July 2006 03:15, Roman Medina-Heigl Hernandez wrote: Ignore my previous post, it does create a setuid bash version in /tmp/sh, the reason it doesn't work is due to SELinux contexts.
--Ariel > Maybe this is obvious for Paul Starzetz (as well as many other people) but > full-disclosure is not really "full" without exploit code. > > Working exploit attached. You can also download it from: > http://www.rs-labs.com/exploitsntools/rs_prctl_kernel.c > > Greetz to !dSR ppl :-) -- -- Ariel Biener e-mail: [EMAIL PROTECTED] PGP: http://www.tau.ac.il/~ariel/pgp.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
