/*
***
*** agroMANauer.c ***
*** linux SGID-man exploit ***
*** by [EMAIL PROTECTED] 2000 ***
*** tested on RedHat 5.1 ***
*** It gives
Isaac To wrote:
> But yes, it is ugly. It might be better if any SGID program is also SUID
> nobody, and re-acquire real user privilege only when required. But still,
> it is ugly.
That is not a viable approach unless the binary (and all other binaries
owned by nobody) also is immutable. If th
>>>>> "Solar" == Solar Designer <[EMAIL PROTECTED]> writes:
Solar> I wouldn't normally post this, but while we're on the topic...
Solar> There's an ancient problem with SGID man that I keep seeing on
Solar> various systems.
Solar Designer wrote:
> [ghost@alice ghost]$ man id
> Formatting page, please wait...
> [ghost@alice ghost]$ ls -l /var/catman/cat1/id.1.gz
> -r--rw-r-- 1 ghostman 806 Aug 1 06:14 /var/catman/cat1/id.1.gz
On some systems you can prevent this by making the catman directories
suid
tories, but is less obvious how to elevate these
> privilegies to get more privilegies.
I wouldn't normally post this, but while we're on the topic...
There's an ancient problem with SGID man that I keep seeing on
various systems. For example, on Red Hat 5.2:
[ghost@alice ghost]$ l