suid

gdb exiting instead of spawning a shell

淺唱寂寞╮ submitted on 2021-02-07 20:09:15
Question: I am trying to exploit a SUID program. The program is:

    #include <stdlib.h>
    #include <unistd.h>
    #include <string.h>
    #include <stdio.h>

    #define e(); if(((unsigned int)ptr & 0xff000000)==0xca000000) { setresuid(geteuid(), geteuid(), geteuid()); execlp("/bin/sh", "sh", "-i", NULL); }

    void print(unsigned char *buf, int len)
    {
        int i;
        printf("[ ");
        for(i=0; i < len; i++) printf("%x ", buf[i]);
        printf(" ]\n");
    }

    int main()
    {
        unsigned char buf[512];
        unsigned char *ptr = buf + (sizeof(buf)/2);
        unsigned

compile & execute Chromium failed due to SUID sandbox issue

此生再无相见时 submitted on 2020-06-08 08:02:16
Question: What I'm trying to do: Compile and run Chromium source code on Ubuntu 13.10.
Steps I've taken:
    git clone https://chromium.googlesource.com/chromium/tools/depot_tools.git
    add to bashrc:
        export PATH="$PATH":/home/y0.kim/project/depot_tools
        export CHROME_DEVEL_SANDBOX=/usr/local/sbin/chrome-devel-sandbox
    fetch --nohooks chromium --nosvn=True
    git checkout master
    build/install-build-deps.sh
    git pull
    gclient sync
    ninja -C out/Debug chrome chrome_sandbox
    build/update-linux-sandbox.sh out/Debug

NSTask, command line tools and root

ぐ巨炮叔叔 submitted on 2020-01-01 09:43:14
Question: I'm working on an app that needs to use dd (I do this with a shell script in the app bundle, that collects parameters from the app itself, makes some checks and then launches dd). To perform this operation I need to call dd with root, and I already looked at several solutions on StackOverflow. The simplest to implement seemed to me to be this one: http://www.sveinbjorn.org/STPrivilegedTask The problem is that my NSTask makes some complex read/write operations (not present in STPrivilegedTask) and does not

What choices do I have on MS Windows platforms for the equivalent of SUID from Unix-based platforms?

a 夏天 submitted on 2019-12-21 05:03:10
Question: To understand what I'm asking, it's important to distinguish among the several uses of SUID in Unix. I have a project that uses an executable in the user's PATH which is owned by the project and which has the SUID bit set. In this way, when it runs, it runs in the context of the file's owner, not the calling user. This way, it has access to things that the user does not, and thereby these things are protected from the user by normal file system protections. This works reasonably well.

Security concerns with a Python PAM module?

余生长醉 submitted on 2019-12-21 03:49:34
Question: I'm interested in writing a PAM module that would make use of a popular authentication mechanism for Unix logins. Most of my past programming experience has been in Python, and the system I'm interacting with already has a Python API. I googled around and found pam_python, which allows PAM modules to invoke the Python interpreter, therefore allowing PAM modules to be written essentially in Python. However, I've read that there are security risks when allowing a user to invoke Python code that

How to restart Linux from inside a C++ program?

混江龙づ霸主 submitted on 2019-12-20 19:45:21
Question: I have a Qt 4 GUI where I need to have an option in a drop-down menu that allows the user to choose to restart the computer. I realize this might seem redundant with the ability to restart the computer in other ways, but the choice needs to stay there. I've tried using system() to call the following:
    a suid-root shell script
    a non-suid shell script
    a suid-root binary program
and all of them just cause reboot: must be superuser to be printed. Using system() to call reboot directly does the same

From PHP/Apache, exec() or system() program as root: “sudo: unable to open audit system: Permission denied”

六眼飞鱼酱① submitted on 2019-12-12 16:25:17
Question: I have been spending half a day trying to figure this out, and I've done a lot of research. I'm also familiar with many of the existing discussions on this topic, such as this one: How to run PHP exec() as root? Unfortunately, none of the suggestions I've found seem to work for me. First of all, I am writing something to a spec, so I can't really avoid doing this. Also, all machines will exist on a private network that is not connected to the internet. While it's important to have SOME

How to enable suidperl in Debian wheezy?

时光总嘲笑我的痴心妄想 submitted on 2019-12-11 13:22:01
Question: I have a Perl script which is owned by root and has setuid. In this script I am changing the owner of a file passed as an argument. But on running this script I am getting
    chown: changing ownership of `file': Operation not permitted
Someone told me a script with setuid runs with suidperl by default if it is enabled. But I don't think that is happening in my case. Can anyone help me in this matter? I am using Debian wheezy. My Perl version is 5.14.2. I tried apt-get install perl-suid but it did

Linux: SUID and SGID explained in detail

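╄→尐↘猪︶ㄣ submitted on 2019-12-07 10:22:34
Because users on UNIX frequently run into the concepts of SUID and SGID, and because SUID and SGID bear on system security, users care a good deal about this topic. Questions about SUID and SGID are asked often, but the answers are usually not detailed enough. Having answered two users' questions on this and looked up some references, I decided to put together this article for everyone's reference. Given the limits of my own knowledge, if anything in the article is wrong, please correct me.

I. Representation and interpretation of file permissions under UNIX

SUID stands for Set User ID, and SGID stands for Set Group ID.

Under UNIX, you can use the 'ls -l' command to see a file's permissions. The notation that ls produces looks like this: -rwxr-xr-x. The meaning of this format is explained below. The notation has ten positions in total:

    9 8 7 6 5 4 3 2 1 0
    - r w x r - x r - x

Position 9 indicates the file type, and can be p, d, l, s, c, b or -:
    p  named pipe
    d  directory
    l  symbolic link
    -  regular file
    s  socket
    c  character device
    b  block device

Positions 8-6, 5-3 and 2-0 give the permissions of the file owner, of users in the same group, and of other users, respectively, in the form rwx:
    r  readable: the file's contents can be read
    w  writable: the file's contents can be modified
    x  executable: the program can be run
    -  no permission

# Example
    $ ls -l myfile
    -rwxr-x--- 1 foo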

SUID and SGID in Linux explained in detail

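╄→гoц情女王★ submitted on 2019-12-06 18:31:38
If you are still confused about SUID and SGID, this is a good reference!

Because users on UNIX frequently run into the concepts of SUID and SGID, and because SUID and SGID bear on system security, users care a good deal about this topic. Questions about SUID and SGID are asked often, but the answers are usually not detailed enough. Having answered two users' questions on this and looked up some references, I decided to put together this article for everyone's reference. Given the limits of my own knowledge, if anything in the article is wrong, please correct me.

I. Representation and interpretation of file permissions under UNIX

SUID stands for Set User ID, and SGID stands for Set Group ID.

Under UNIX, you can use the ls -l command to see a file's permissions. The notation that ls produces looks like this: -rwxr-xr-x. The meaning of this format is explained below. The notation has ten positions in total:

    9 8 7 6 5 4 3 2 1 0
    - r w x r - x r - x

Position 9 indicates the file type, and can be p, d, l, s, c, b or -:
    p  named pipe
    d  directory
    l  symbolic link
    -  regular file
    s  socket
    c  character device
    b  block device

Positions 8-6, 5-3 and 2-0 give the permissions of the file owner, of users in the same group, and of other users, respectively, in the form rwx:
    r  readable: the file's contents can be read
    w  writable: the file's contents can be modified
    x  executable: the program can be run
Positions with no permission are shown as -.

Example: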