You forgot systems that use setuid bit to get escalation for scripts.
A quick google finds a few of those as well. :-) On 26/09/14 16:12, Kent Fredric wrote:
On 26 September 2014 16:06, Kent Fredric <[email protected] <mailto:[email protected]>> wrote:As long as any of those calls 'system()' and system is implemented in terms of 'sh -c' and 'sh' is a symlink to bash, ( a very common arrangement ), env based exploits will still work here as soon as a bash instance is fired. For some lovely examples of potential soft targets: https://github.com/search?q=php+exec+sudo+&ref=searchresults&type=Code&utf8=%E2%9C%93 http://nz1.php.net/manual/en/function.putenv.php Arbitrary code + sudo, what could possibly go wrong? -- Kent* * *KENTNL* - https://metacpan.org/author/KENTNL _______________________________________________ Linux-users mailing list [email protected] http://lists.canterbury.ac.nz/mailman/listinfo/linux-users
_______________________________________________ Linux-users mailing list [email protected] http://lists.canterbury.ac.nz/mailman/listinfo/linux-users
