1 |
On 16:21 Sun 14 Jun , 7v5w7go9ub0o wrote: |
2 |
> |
3 |
> [... SNIP ...] |
4 |
> |
5 |
> Nope.... that's all there is to the wrapper. |
6 |
> |
7 |
> gcc runchroot.c -o runchroot |
8 |
> chown root runchroot |
9 |
> chmod u+s runchroot |
10 |
|
11 |
Ouch. Do _not_ set the setuid-bit on runchroot. |
12 |
Otherwise it would be a piece of cake for the intruder |
13 |
to gain root-privileges: |
14 |
diff@mallory ~ $ ls -l runchroot |
15 |
-rwsr-xr-x 1 root root 7680 Jun 15 04:37 runchroot |
16 |
diff@mallory ~ $ ./runchroot -u root -d / -- /bin/sh |
17 |
# id |
18 |
uid=0(root) gid=0(root) groups=10(wheel),18(audio),27(video),1000(diff), |
19 |
1007(qemu) |
20 |
# ls -l /proc/self/root |
21 |
lrwxrwxrwx 1 root root 0 Jun 15 04:45 /proc/self/root -> / |
22 |
|
23 |
/ck |