|Next||Classic Unix Security Problems||6|
This "setuid" feature has opened a long series of holes:
% ls -l /usr/local/lib/something -rwsrwxrwx 1 root wheel 12668 Feb 28 2001 /usr/local/lib/something
OK, but even though it runs as root, perhaps it does nothing interesting
Can I "fix" that?
% cp /bin/sh /usr/local/lib/something % /usr/local/lib/something # anything
Solution: writing to a file should clear the setuid bits
|Next||Copyright © 2005 M. J. Dominus|