Blaisorblade wrote on Friday, 11 November 2005 4:19 a.m.:
> How can anybody have a program "setuid root" there unless he has root
> access first?

If you can trick root or a program running as root into creating files or changing permissions for you, it's not that hard (e.g. symlink attack). Granted, situations where root would be writing setuid files as a matter of course are not very frequent, and it would be tricky to make it write your file and yet keep the setuid bit, but I think it is still possible under the right circumstances.

You could also do it if you were somehow able to NFS-mount another machine that you had root access on. I'm sure there are other ways if the right exploit is unpatched, too.

Cheers,
Paul

---------------------------------------------------------
Paul Eggleton                    Ph:  +64-9-4154790
System Administrator             Fax: +64-9-4154791
CJN Technologies Ltd.            DDI: +64-9-4154795
http://www.cjntech.co.nz         Email: [EMAIL PROTECTED]
---------------------------------------------------------

_______________________________________________
User-mode-linux-user mailing list
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-user
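
The symlink case mentioned in the reply above, seen from the side of the privileged program: this is an added example, not part of the original message, showing a file-writing helper that follows a planted symlink next to one that refuses it and never sets the setuid bit. The function names, the file names `victim` and `report.tmp`, and the temp-directory scenario are constructed for illustration.

```python
import os
import stat
import tempfile

def unsafe_write(path, data):
    # Pattern at risk: open() and chmod() both follow a symlink at `path`.
    with open(path, "wb") as f:
        f.write(data)
    os.chmod(path, 0o644)

def safe_write(path, data, mode=0o644):
    # O_EXCL refuses any existing name (a symlink included); O_NOFOLLOW
    # refuses a symlink as the final path component.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "wb") as f:
        st = os.fstat(f.fileno())
        if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
            raise OSError("refusing unexpected file type or hard link")
        # fchmod works on the opened inode, not the name; mask off
        # setuid/setgid/sticky so they can never be set here.
        os.fchmod(f.fileno(), mode & 0o777)
        f.write(data)

def demo():
    # Constructed scenario in a private temp dir: "victim" stands for a file
    # only the privileged process should modify; "report.tmp" is a
    # predictable name that has been pre-planted as a symlink to it.
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "victim")
        link = os.path.join(d, "report.tmp")
        with open(victim, "wb") as f:
            f.write(b"original")
        os.symlink(victim, link)

        unsafe_write(link, b"clobbered")
        with open(victim, "rb") as f:
            followed = f.read() == b"clobbered"

        with open(victim, "wb") as f:
            f.write(b"original")
        try:
            safe_write(link, b"clobbered")
            refused = False
        except OSError:
            refused = True
        with open(victim, "rb") as f:
            intact = f.read() == b"original"
        return followed, refused, intact
```

`demo()` returns `(followed, refused, intact)`: whether the unsafe helper wrote through the link, whether the hardened helper raised, and whether the target was left unchanged.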
