Hi,
with the stock Debian shadow packages, trying the exploit in message #86
gives me:
root@d2:~# su - testme
exit
echo Payload as $(whoami)
testme@d2:~$ exit
logout
root@d2:~# echo Payload as $(whoami)
Payload as root
With this patch on top of 4.1.5, I get
root@d3:~# su - testme
configuration
Hello,
I've successfully tested an implementation which
keeps the exploit running in the background
_after_ returning control back to root user. The
running exploit then periodically inserts commands
into root terminal, like whoami, rm -rf / etc :)
So flushing the input queue isn't a
Hello,
On Fri, Mar 29, 2013 at 11:54:21PM +0100, Wolfgang
Zarre wrote:
I think that in any case the right solution is
in just flushing the input queue before
returning to the caller which would not just
protect in case of hijacking but also of buggy
applications.
I've successfully tested an