From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ldv@altlinux.org>
Date: Thu, 18 May 2006 18:52:31 +0400
From: "Dmitry V. Levin" <ldv@altlinux.org>
To: ALT Linux Sisyphus discussion list <sisyphus@lists.altlinux.org>
Message-ID: <20060518145231.GA29158@basalt.office.altlinux.org>
Mail-Followup-To: ALT Linux Sisyphus discussion list
	<sisyphus@lists.altlinux.org>
References: <200605172052.50799.sisyphus@atlantic-link.com.ua>
	<200605181437.18197.sisyphus@atlantic-link.com.ua>
	<20060518121759.GA23118@basalt.office.altlinux.org>
	<200605181741.52308.sisyphus@atlantic-link.com.ua>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="6TrnltStXW4iwmi0"
Content-Disposition: inline
In-Reply-To: <200605181741.52308.sisyphus@atlantic-link.com.ua>
X-fingerprint: FE4C 93AB E19A 2E4C CB5D  3E4E 7CAB E6AC 9E35 361E
Subject: Re: [sisyphus] temporary root privileges from local process
X-BeenThere: sisyphus@lists.altlinux.org
X-Mailman-Version: 2.1.7
Precedence: list
Reply-To: ALT Linux Sisyphus discussion list <sisyphus@lists.altlinux.org>
List-Id: ALT Linux Sisyphus discussion list <sisyphus.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/listinfo/sisyphus>,
	<mailto:sisyphus-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/sisyphus>
List-Post: <mailto:sisyphus@lists.altlinux.org>
List-Help: <mailto:sisyphus-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/sisyphus>,
	<mailto:sisyphus-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Thu, 18 May 2006 14:52:32 -0000
Archived-At: <http://lore.altlinux.org/sisyphus/20060518145231.GA29158@basalt.office.altlinux.org/>
List-Archive: <http://lore.altlinux.org/sisyphus/>
List-Post: <mailto:sisyphus@altlinux.ru>


--6TrnltStXW4iwmi0
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, May 18, 2006 at 05:41:52PM +0300, Vadym Kononenko wrote:
> =DE=C5=D4=D7=C5=D2 18 =D4=D2=C1=D7=C5=CE=D8 2006 15:17, Dmitry V. Levin =
=CE=C1=D0=C9=D3=C1=D7:
> > int main()
> >
> > > {
> > > =9A =9A if (geteuid() !=3D 0) exit(1);
> > >
> > > =9A =9A setuid(0);
> > >
> > > =9A =9A return system("/sbin/service bluetooth reload");
> > > }
> >
> > =FC=D4=CF instant root, =D4.=C5. =DA=C1=D0=D5=D3=CB=C1=C0=DD=C9=CA =DC=
=D4=D5 =D0=D2=C9=D7=C9=CC=C5=C7=C9=D2=CF=D7=C1=CE=CE=D5=C0 =D0=D2=CF=C7=D2=
=C1=CD=CD=D5
> > =D0=CF=CC=D8=DA=CF=D7=C1=D4=C5=CC=D8 =CD=CF=D6=C5=D4 =CE=C5 =CE=C1=D0=
=D2=D1=C7=C1=D1=D3=D8 =D0=CF=CC=D5=DE=C9=D4=D8 =D0=D2=C1=D7=C1 setuid(0).
>=20
> =F1 =D4=C1=CB =D0=CF=CE=C9=CD=C1=C0, =DC=D4=CF =C9=DA-=DA=C1 =DA=C1=D0=D5=
=D3=CB=C1 =DB=C5=CC=CC=C1 =D3 =D2=D5=D4=CF=D7=D9=CD=C9 =D0=D2=C1=D7=C1=CD=
=C9? =F4=CF=C7=C4=C1 =D3=CC=C5=C4=D5=C0=DD=C9=CA=20
> =D7=C1=D2=C9=C1=CE=D4 =C4=CF=CC=D6=C5=CE =DC=D4=CF =C9=D3=D0=D2=C1=D7=CC=
=D1=D4=D8:
>     return execl("/sbin/service" , "service", "bluetooth", "reload", NULL=
);
> ?

/sbin/service - =DC=D4=CF shell-=D3=CB=D2=C9=D0=D4.
=EB=C1=CB =CD=C9=CE=C9=CD=D5=CD =D7=C1=CD =CE=D5=D6=CE=CF =C9=D3=D0=CF=CC=
=D8=DA=CF=D7=C1=D4=D8 execle.


--=20
ldv

--6TrnltStXW4iwmi0
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEbIovfKvmrJ41Nh4RAhKnAKCwE6w/9UhGIKwgq+aYQnnPuhKi0wCeKnsK
HfU8I87sXS8ZEi1R1n2yA+c=
=lM9l
-----END PGP SIGNATURE-----

--6TrnltStXW4iwmi0--