Hi,

On 1/8/21 1:39, aitor wrote:
I'm looking for a safer way to run the binary with suid permissions using the shared memory of the system to send a signal.

Some time ago somebody said to me: "you can do nothing from your binary that I can't do externally from another binary".

So, am I wasting time?

Today I've been testing the idea and it's working for me. I'd like to prepare an example and share it with all of you to resolve vulnerabilities. The example consists of a window with a button (to run the suid binary) and another binary, the intruder, located in the same directory and trying to do the same by using the other party's PID pretending to be the window. The result is a segmentation fault.

I insist on trying to find the safest approach to run the suid binary because this is important not only for simple-netaid, but also for hopman, which will require granted permissions for running the *eject* command or the like (among others?).

Cheers,

Aitor.


