On Tue, Feb 03, 2004 at 10:01:22AM -0800, Rick Moen wrote:
> This is why we sysadmins teach people to say "/bin/su" when su'ing to
> root. Eh, you never learned that? Sorry to hear.
Exec to a new shell that ignores that, whatever, it doesn't matter.
The principle remains the same, once you have compromised a root
holders account, root is next, in pretty short order. It's not
hard, there are many many trivial ways.
> Produce a working example, and we'll talk.
I once used that very example to root a server whilst on lunch, as part of
a penetration test.
> You'll find that there are lots of little difficulties that you never
> anticipated. Hint: Those difficulties aren't there by accident.
There are *no* serious difficulties. Once you have a root users account,
you're there. Replace their shell, replace their binaries, invade their
memory, LD_PRELOAD, whatever you like. There are zero barriers to you
getting access to everything they do.
Colm MacCárthaigh Public Key: colm+pgp at stdlib.net
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!