On Wed, Apr 17, 2002 at 02:38:34PM +0000, helmut schmidt wrote: > Hello,
Hi, > I have set the SUID bit on /bin/bash but when I run from a normal > unprivileged user, I do not get a root shell - just a normal user context. > > When I do the same on Compaq Tru64 I get a root shell - as expected. > > Can someone explain why my Linux (Suse 6.2) will not play... A bash function : $ ls -l /tmp/sh -rwsr-xr-x 1 root bin 477756 Aug 25 2000 /tmp/sh* $ /tmp/sh $ id uid=1000(ducamp) gid=1000(ducamp) groups=1000(ducamp),10(wheel),11(floppy),14(uucp),100(users),102(src),999(sftp) $ exit exit $ /tmp/sh -p # id uid=1000(ducamp) gid=1000(ducamp) euid=0(root) groups=1000(ducamp),10(wheel),11(floppy),14(uucp),100(users),102(src),999(sftp) # exit exit $ Only bash v2 has that, not bash v1. Other modern shells may have that too. This is why all modern shell-code begin with a setreuid(0,0). Denis Ducamp. -- [EMAIL PROTECTED] --- Hervé Schauer Consultants --- http://www.hsc.fr/ Owl/Openwall/snort/hping/dsniff en français http://www.groar.org/trad/ Owl en français http://www.openwall.com/Owl/fr/ Du bon usage de ... http://usenet-fr.news.eu.org/fr-chartes/rfc1855.html
