Doubt In Setuid And Buffer Overflwo Programs
Results 1 to 2 of 2

Thread: Doubt In Setuid And Buffer Overflwo Programs

  1. #1
    Member
    Join Date
    Sep 2001
    Posts
    61

    Doubt In Setuid And Buffer Overflwo Programs

    i was experimenting with setuid programs tried out the following code on my linux machine..
    suppose the filename is exploit.c

    main(int argc,char **argv)
    {
    system("/bin/sh");
    }

    i compiled the program as root and made it setuid using
    chmod u+s exploit and then put it in the bin section...
    then i logged in as an ordinary user and ran exploit from my command
    prompt..i got a shell however i did not get a root shell as i expected..what is it that went wrong???
    further i would also like to know the way the stack works in Red Hat Linux 7.1..i have tried several tutorials that teach about stack overflow ..i followed the instructions to the point..however when i execute the program all that i get is a segmentation fault and not a root shell..
    Share on Google+

  2. #2
    Member
    Join Date
    Oct 2001
    Posts
    88
    The two things that you are describing are older *n*x exploits. They affected earlier versions of Linux, Solaris, *BSD, and others, HP-UX, IRIX, AIX etc.. etc..

    Although they could resurface some day, any day for that matter, most of the Flavors and Distro's have taken steps to correct this. A tut on writting buffer overflows can be found at http://www.insecure.org/stf/mudge_bu..._tutorial.html.

    The ipstack in Red Hat is the same as in any linux Ditro running that version of the kernel or class of kernel ( 2.2.x, 2.4.x etc.).

    I haven't messed around with tripping off a setuid binary locally so I really don't have much advice on doing this. To find out what is setuid and setgrpid on a system do:

    # find / \( -perm -02000 -o -perm -04000 \) - ls

    -- or to redirect it to a file --

    # find / \( -perm -02000 -o -perm -04000 \) - ls > setXid.txt
    Share on Google+

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides