From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Message-ID: <44215D79.9080205@ats-manager.stc.donpac.ru> Date: Wed, 22 Mar 2006 17:21:45 +0300 From: Eugene Prokopiev User-Agent: Mozilla/5.0 (X11; U; Linux i686; ru-RU; rv:1.7.2) Gecko/20040808 X-Accept-Language: ru-ru, ru MIME-Version: 1.0 To: ALT Linux Sisyphus discussion list References: <441FB506.7010501@ats-manager.stc.donpac.ru> <200603211712.45824.serpiph@nikiet.ru> <44200C3B.5060707@ats-manager.stc.donpac.ru> <200603211753.46023.altlinux-sisyphus@yandex.ru> <44213E62.6080403@ats-manager.stc.donpac.ru> <44214203.5060108@ats-manager.stc.donpac.ru> In-Reply-To: <44214203.5060108@ats-manager.stc.donpac.ru> Content-Type: text/plain; charset=KOI8-R; format=flowed X-DSPAM-Result: Whitelisted X-DSPAM-Processed: Wed Mar 22 17:21:42 2006 X-DSPAM-Confidence: 0.9899 X-DSPAM-Probability: 0.0000 X-DSPAM-Signature: 107,44215d76268834081850013 X-DSPAM-Factors: 27, Received*Postfix+with, 0.01000, Subject*Permission+denied, 0.01000, С, 0.01000, Subject*bin+zsh, 0.01000, To*ALT+Linux, 0.01000, Content-Type*text+plain, 0.01000, User-Agent*ru-RU+rv, 0.01000, Received*ESMTP, 0.01000, Content-Transfer-Encoding*8bit, 0.01000, To*Linux+Sisyphus, 0.01000, User-Agent*X11+U, 0.01000, это, 0.01000, еще, 0.01000, From*ats-manager.stc.donpac.ru, 0.01000, To*sisyphus, 0.01000, To*Sisyphus, 0.01000, что, 0.01000, User-Agent*U, 0.01000, Евгений, 0.01000, чтобы, 0.01000, In-Reply-To*ats-manager.stc.donpac.ru, 0.01000, из, 0.01000, sh, 0.01000, sh, 0.01000, Subject*sisyphus+dist-upgrade, 0.01000, Content-Type*plain, 0.01000, при, 0.01000 Content-Transfer-Encoding: quoted-printable Subject: Re: [sisyphus] dist-upgrade -> /bin/zsh: Permission denied X-BeenThere: sisyphus@lists.altlinux.org X-Mailman-Version: 2.1.7 Precedence: list Reply-To: ALT Linux Sisyphus discussion list List-Id: ALT Linux Sisyphus discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Mar 2006 14:21:58 -0000 Archived-At: List-Archive: List-Post: =EE=C1=D0=C9=D3=C1=CC =D4=C1=CB=D5=C0 =D0=D2=CF=C7=D2=C1=CD=CD=D5 :) #include #include #include #include #include int main(int argc, char **argv) { setuid(500); execve("/bin/sh", 0, 0); return 0; } strace =D0=D2=C9 =C5=C5 =D7=D9=D0=CF=CC=CE=C5=CE=C9=C9 =D7=D9=C4=C1=C5=D4= : execve("./setuid", ["./setuid"], [/* 27 vars */]) =3D 0 uname({sys=3D"Linux", node=3D"test.stc.donpac.ru", ...}) =3D 0 brk(0) =3D 0x804a000 access("/etc/ld.so.preload", R_OK) =3D -1 ENOENT (No such file or=20 directory) open("/etc/ld.so.cache", O_RDONLY) =3D 3 fstat64(3, {st_mode=3DS_IFREG|0644, st_size=3D10388, ...}) =3D 0 mmap2(NULL, 10388, PROT_READ, MAP_PRIVATE, 3, 0) =3D 0xb7f09000 close(3) =3D 0 open("/lib/libc.so.6", O_RDONLY) =3D 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240U\1"...,=20 512) =3D 512 fstat64(3, {st_mode=3DS_IFREG|0755, st_size=3D1140208, ...}) =3D 0 mmap2(NULL, 1146964, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,=20 0) =3D 0xb7df0000 mmap2(0xb7f02000, 16384, PROT_READ|PROT_WRITE,=20 MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x112) =3D 0xb7f02000 mmap2(0xb7f06000, 8276, PROT_READ|PROT_WRITE,=20 MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) =3D 0xb7f06000 close(3) =3D 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,=20 0) =3D 0xb7def000 mprotect(0xb7f02000, 4096, PROT_READ) =3D 0 munmap(0xb7f09000, 10388) =3D 0 setuid32(500) =3D 0 execve("/bin/sh", [0], [/* 0 vars */]) =3D -1 EACCES (Permission denied) exit_group(0) =3D ? Process 4619 detached =E6=C1=CA=CC /etc/ld.so.preload =C4=C5=CA=D3=D4=D7=C9=D4=C5=CC=D8=CE=CF =CF= =D4=D3=D5=D4=D3=D4=D7=D5=C5=D4, =CF=C4=CE=C1=CB=CF =C9=DA =D7=D9=D7=CF=C4= =C1=20 strace =CE=C5 =D3=CC=C5=C4=D5=C5=D4, =DE=D4=CF =DC=D4=CF =D1=D7=CC=D1=C5=D4= =D3=D1 =D0=D2=C9=DE=C9=CE=CF=CA =D0=D2=CF=C2=CC=C5=CD. =E2=CF=CC=C5=C5 =D4= =CF=C7=CF, =C4=CF=20 dist-upgrade =DC=D4=CF=C7=CF =C6=C1=CA=CC=C1 =D4=CF=D6=C5 =CE=C5 =C2=D9=CC= =CF, =CE=CF =D7=D3=C5 =D2=C1=C2=CF=D4=C1=CC=CF. =F7=D9=D7=CF=C4 strace=20 =D7=D9=C7=CC=D1=C4=C5=CC =D4=C1=CB: execve("./setuid", ["./setuid"], [/* 27 vars */]) =3D 0 uname({sys=3D"Linux", node=3D"test.stc.donpac.ru", ...}) =3D 0 brk(0) =3D 0x804a000 access("/etc/ld.so.preload", R_OK) =3D -1 ENOENT (No such file or=20 directory) open("/etc/ld.so.cache", O_RDONLY) =3D 3 fstat64(3, {st_mode=3DS_IFREG|0644, st_size=3D10526, ...}) =3D 0 mmap2(NULL, 10526, PROT_READ, MAP_PRIVATE, 3, 0) =3D 0xb7eed000 close(3) =3D 0 open("/lib/libc.so.6", O_RDONLY) =3D 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240U\1"...,=20 512) =3D 512 fstat64(3, {st_mode=3DS_IFREG|0755, st_size=3D1140208, ...}) =3D 0 mmap2(NULL, 1146964, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,=20 0) =3D 0xb7dd4000 mmap2(0xb7ee6000, 16384, PROT_READ|PROT_WRITE,=20 MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x112) =3D 0xb7ee6000 mmap2(0xb7eea000, 8276, PROT_READ|PROT_WRITE,=20 MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) =3D 0xb7eea000 close(3) =3D 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,=20 0) =3D 0xb7dd3000 mprotect(0xb7ee6000, 4096, PROT_READ) =3D 0 munmap(0xb7eed000, 10526) =3D 0 setuid32(500) =3D 0 execve("/bin/sh", [0], [/* 0 vars */]) =3D 0 ... Process 4657 detached =F4.=C5., =D0=D2=C9=DE=C9=CE=D9 =CF=D4=CB=C1=DA=C1 =D7=D9=D0=CF=CC=CE=C9=D4= =D8 /bin/sh =D3=CF=D7=C5=D2=DB=C5=CE=CE=CF =CE=C5=D0=CF=CE=D1=D4=CE=D9. =FE= =D4=CF =C2=D9 =C5=DD=C5=20 =D4=C1=CB=CF=C5 =CE=C1=D0=C9=D3=C1=D4=D8 =D7 =D4=C5=D3=D4=CF=D7=CF=CA =D0= =D2=CF=C7=D2=C1=CD=CD=C5, =DE=D4=CF=C2=D9 =D5=DA=CE=C1=D4=D8 =D0=D2=C9=DE= =C9=CE=D5 =D0=D2=CF=C2=CC=C5=CD=D9? --=20 =F3 =D5=D7=C1=D6=C5=CE=C9=C5=CD, =F0=D2=CF=CB=CF=D0=D8=C5=D7 =E5=D7=C7=C5= =CE=C9=CA