Re: LinCity Buffer Overflow
Bob Tracy - TDS (rctMERKIN.CSAP.AF.MIL)
Mon, 16 Mar 1998 13:40:21 -0600
T. Freak wrote:
>
> While a buffer overflow is blatantly obvious in the code, I don't think it
> is very dangerous. Observe.
>
> (exploit attempt)
> sh-2.01$ id
> uid=1000(tfreak) gid=1000(tfreak)
> groups=1000(tfreak),0(root),4(adm),7(lp),24(cdrom),25(floppy),31(majordom),69(geek)
> sh-2.01$

The version of bash you are running is the key here... 2.01 renounces
setuid/setgid privs when called as "sh", e.g., system() within a program,
unless the "-p" flag is passed. See the "NOTES" file in the root directory
of the bash-2.01.1 distribution for details.

--
Bob Tracy             |  "Eagles may soar, but weasels don't get
AFIWC/TIPER           |   sucked into jet engines."
rctmerkin.csap.af.mil |                 --Anon
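The privilege drop described in the reply, as an added C sketch that is not part of the original message and is not bash's source. The helper names `should_drop` and `drop_to_real_ids` are hypothetical; the same routine is what a setuid/setgid program can call itself before it reaches `system()`, rather than relying on which shell is installed as `sh`.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Policy from the reply: a shell started with borrowed ids (real != effective)
 * gives them up unless the caller passed -p. Hypothetical helper name. */
int should_drop(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid, int p_flag)
{
    int borrowed = (ruid != euid) || (rgid != egid);
    return borrowed && !p_flag;
}

/* Permanently return to the real uid/gid. Returns 0 on success, -1 if the
 * drop failed or could be undone; the caller must then refuse to continue. */
int drop_to_real_ids(void)
{
    uid_t ruid = getuid(), euid = geteuid();
    gid_t rgid = getgid(), egid = getegid();

    /* Group first: once the uid is gone we may no longer be allowed to. */
    if (setregid(rgid, rgid) != 0) return -1;
    /* setreuid() also resets the saved set-user-ID, unlike a bare seteuid(). */
    if (setreuid(ruid, ruid) != 0) return -1;
    if (geteuid() != ruid || getegid() != rgid) return -1;

    /* A non-root caller must not be able to take the old ids back. */
    if (ruid != 0 && euid != ruid && seteuid(euid) == 0) return -1;
    if (ruid != 0 && egid != rgid && setegid(egid) == 0) return -1;
    return 0;
}

int main(int argc, char **argv)
{
    int p_flag = (argc > 1 && strcmp(argv[1], "-p") == 0);
    if (should_drop(getuid(), geteuid(), getgid(), getegid(), p_flag)
        && drop_to_real_ids() != 0) {
        fputs("could not drop privileges, refusing to run\n", stderr);
        return 1;
    }
    printf("uid=%d euid=%d gid=%d egid=%d\n", (int)getuid(), (int)geteuid(),
           (int)getgid(), (int)getegid());
    return 0;
}
```

Run without setuid bits it prints matching real and effective ids, as in the quoted `id` output.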