SUID shell skripte
moguĉe je napraviti SUID (ili SGID) shell skripte, ali to nije preporueljivo
# cat > /tmp/evil.sh
#!/usr/bin/sh
cp /usr/bin/sh /tmp/sh
chmod 4711 /tmp/sh
ls -l /tmp/sh
^D
# chmod 4555 evil.sh
# ^D
% /tmp/evil.sh
-rws--x--x 1 root 45056 Sep 24 14:20 /tmp/sh
?
Previous slide
Next slide
Back to first slide
View graphic version