Subject: Re: non-root user executes root shell?
To: None <>
From: Lubomir Sedlacik <>
List: netbsd-users
Date: 10/03/2004 12:50:13


On Sun, Oct 03, 2004 at 10:55:22AM +0200, Sascha Retzki wrote:
> > I'm in the sudo camp on that, myself, but someone here said recently
> > they write a user runnable mount program in C to do that.
> --C code--
> #include <stdio.h>
> #include <stdlib.h>
> void main(void) {
> 	system("id");
> }
> --END C code--
> Compile it with "gcc -o executable_name sourcefilename.c".
> after that, set the executable suid root: "chown root.wheel m00.exe" ;
> "chmod +s m00.exe" ... .
> you can put the both commands of the script into system() calls, however
> you will not be able to fetch return codes and react via if() calls,
> at least not in C. But you get the deal.
> Btw, either use "mount_cd9660" or "mount -t cd9660" ;)
> If you ever look into writing real C programs and not some sh-script
> imitations, please use "int main(int argc, char *argv[])" and return some
> value at the end :))

did you realize that the program above is a straight path to a root
shell for any user who can execute it?  (exercise left for the readers)


-- Lubomir Sedlacik <salo@{NetBSD,Xtrmntr,silcnet}.org>   --
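
A set-uid wrapper of the kind discussed in this thread should not call system(), which runs its command through /bin/sh with the invoking user's environment. The following is an added example, not code from either poster: it executes one absolute path with a fixed argument list and a fixed environment, and returns the child's exit status. The device /dev/cd0a, the mount point /cdrom and the helper name run_fixed are assumptions made for illustration.

```c
/* Added example: shell-free replacement for system() in a set-uid mount wrapper. */
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed environment handed to the child; nothing is inherited from the caller. */
static char *const clean_env[] = { "PATH=/sbin:/bin:/usr/sbin:/usr/bin", NULL };

/*
 * Run one program by absolute path with a fixed argv and clean_env.
 * No shell is involved. Returns the child's exit status (0-255), or -1 if
 * the path is not absolute, fork/wait failed, or a signal killed the child.
 */
int run_fixed(const char *path, char *const argv[])
{
	pid_t pid;
	int status;

	if (path == NULL || path[0] != '/')
		return -1;		/* never search PATH */
	pid = fork();
	if (pid == -1)
		return -1;
	if (pid == 0) {
		execve(path, argv, clean_env);
		_exit(127);		/* exec failed */
	}
	while (waitpid(pid, &status, 0) == -1)
		if (errno != EINTR)
			return -1;
	return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
	/* Assumed device and mount point; arguments from the user are ignored. */
	char *const args[] = { "mount_cd9660", "/dev/cd0a", "/cdrom", NULL };
	int rc = run_fixed("/sbin/mount_cd9660", args);

	if (rc != 0)
		fprintf(stderr, "mount failed (status %d)\n", rc);
	return rc == 0 ? 0 : 1;
}
```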