[mdlug] Linux root exploit
Aaron Kulkis
akulkis3 at hotpop.com
Mon Feb 11 12:31:52 EST 2008
Michael wrote:
> Could this be a point for sudo instead of su? (Does this work with root
> turned off?)
You can never totally "turn off" root -- User ID 0 always
exists, and will always have its "super-user" powers.
that's completely independant of whether you turn off
the ability to login to root, or su to it, or whatever,
because this is obviously bypassing the su mechanisms.
>
> On Feb 10, 2008 10:11 PM, Dave Arbogast <mdlug3 at arb.net> wrote:
>
>>
>> Clinton V. Weiss wrote:
>>
>>> On Sun, Feb 10, 2008 at 8:53 PM, Michael Corral <micorral at comcast.net>
>>> wrote:
>>>
>>>
>>>
>>>> 2008-02-10, Monsieur Dave Arbogast a ecrit:
>>>>
>>>>
>>>>> Tried it on a SuSE 10.x I have - does not work. Of course I have auto
>>>>> update enabled ;-) but it looks like that has nothing to do with it now
>>>>> working on mine.
>>>>>
>>>>>
>>>> What happened when you ran that exploit program as a nonroot user?
>>>> At first I thought it didn't work on my F7 system, because I didn't
>>>> get a root command prompt (it still showed $ instead of #). But then
>>>> I tried a few things that only root can do, and sure enough it worked.
>>>> Yikes!
>>>>
>>>> Here's a quick way to test if your system is vulnerable:
>>>> 1. Download <
>>>> http://downloads.securityfocus.com/vulnerabilities/exploits/27704.c>
>>>> 2. gcc -o exploit 27704.c
>>>> 3. [as non-privileged user] ./exploit
>>>> 4. Try do do some root stuff.
>>>>
>>>>
>>>>
>>> I tried this and all I get is a compile error with step 2. I guess
>> that's a
>>> good thing?
>>>
>>> (running Gentoo stable)
>>>
>>> Clinton
>>>
>>>
>>>
>> Try it again Clinton - I got that the first time too. Second time I got
>> a root prompt.
>>
>> It is a big deal if you have other users on your system that have a shell.
>>
>> -dave
>> _______________________________________________
>> mdlug mailing list
>> mdlug at mdlug.org
>> http://mdlug.org/mailman/listinfo/mdlug
>>
> _______________________________________________
> mdlug mailing list
> mdlug at mdlug.org
> http://mdlug.org/mailman/listinfo/mdlug
>
More information about the mdlug
mailing list