[Eug-lug] local root exploit via setuid
larry a price
laprice at efn.org
Thu Apr 29 17:07:53 PDT 2004
Any time you allow a user to execute a program with more permissions than
the user has, if that program allows for shell escapes or has a buffer
overflow or reads files the user can write to and executes commands based
on those, then you have a vulnerability.
You can mitigate this class of vulnerability by mounting some filesystems
nosuid, but this only works if there is no publicly available wrapper
program like suidperl (for instance).

You can't do this to /, /bin or /usr/bin and the like, but since regular
users are prevented from writing there, they shouldn't be able to append
their own code to those binaries.
You can scan for suid programs (there are a couple of necessary ones):

    find /usr/bin/ -perm 4555 -print

will give a list of some of the more common ones.
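
An added audit sketch, not part of the original post: it generalizes the scan above from the exact mode 4555 to any file carrying the setuid or setgid bit, and checks which mounts lack the nosuid option mentioned earlier. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). All names are hypothetical.

# List regular files under $1 that carry the setuid or setgid bit, whatever
# their other permission bits are. "-perm 4555" matches only that exact mode;
# "-perm -4000" matches any mode that includes the setuid bit.
list_suid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# Subset of the above that is also group- or world-writable: a privileged
# binary that someone other than its owner can modify.
list_writable_suid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        \( -perm -0020 -o -perm -0002 \) -print 2>/dev/null
}

# Read mount lines in /proc/mounts format on stdin and print the mount
# points whose option field (4th column) does not contain nosuid.
mounts_without_nosuid() {
    awk '{
        n = split($4, opt, ","); found = 0
        for (i = 1; i <= n; i++) if (opt[i] == "nosuid") found = 1
        if (!found) print $2
    }'
}

# Constructed sample mount table, used when no live table is wanted.
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw 0 0
/dev/sda2 /home ext3 rw,nosuid,nodev 0 0
/dev/sda3 /tmp ext3 rw,noexec 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0'

# Run a report only when asked to: sh audit.sh --run [directory]
if [ "${1:-}" = "--run" ]; then
    dir=${2:-/usr/bin}
    echo "setuid/setgid files under $dir:";  list_suid "$dir"
    echo "of those, group/world-writable:";  list_writable_suid "$dir"
    echo "mounts without nosuid:"
    if [ -r /proc/mounts ]; then mounts_without_nosuid < /proc/mounts
    else printf '%s\n' "$SAMPLE_MOUNTS" | mounts_without_nosuid; fi
fi
```

Keeping the output of list_suid as a baseline and comparing later runs against it shows when a new setuid file appears.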