| Next | Classic Unix Security Problems | 6 |
This "setuid" feature has opened a long series of holes:
For example:
% ls -l /usr/local/lib/something
-rwsrwxrwx 1 root wheel 12668 Feb 28 2001 /usr/local/lib/something
OK, but even though it runs as root, perhaps it does nothing interesting
Can I "fix" that?
% cp /bin/sh /usr/local/lib/something
% /usr/local/lib/something
# anything
Solution: writing to a file should clear the setuid bits
| Next | |
Copyright © 2005 M. J. Dominus |