Bash specially-crafted environment variables code injection attack

Dan Lukes dan at obluda.cz
Sat Sep 27 13:30:15 CEST 2014

Previous message: Bash specially-crafted environment variables code injection attack
Next message: Bash specially-crafted environment variables code injection attack
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 09/27/14 12:23, Miroslav Lachman:
> Kdyz jsi nakousnul to 'su', tak ja se toho chytnu.
> Da se nejak snadno dostat k heslu v pripade, ze 'su' spoustim s plnou
> cestou a odpada tim moznost nejakeho 'wrapperu', ktery by to heslo
> zachytil?

Jak se to vezme. Predstav si, ze si sednes k terminalu na kterym jsem 
nalogovany ja a ja su "u sebe" udelal falesny root s par potrebnymi 
knihovnami, shellem, a taky scriptem /usr/bin/su ktery je ochoten 
prevzit heslo. A do tohohle environmentu se chrootnu perd tim, nez ty si 
k tomu sednes.

Takze ty si k tomu sednes, zavolas /usr/bin/su, to se te zepta na heslo, 
ja si ho nekam poznamenam, tobe reknu, ze ses preklepnul a z toho 
chrootu vypadnu. Ty zavolas /usr/bin/su jeste jednou, tentokrat se uz 
vsechno povede a ty posleze spokojene odchazis. Spokojeni jsme ovsem my 
oba ;-)

Dan

Previous message: Bash specially-crafted environment variables code injection attack
Next message: Bash specially-crafted environment variables code injection attack
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users-l mailing list