[Security] B - achieving root permissions from normal user account

zoli@polarhome.com zoli@polarhome.com
Thu, 20 Sep 2001 16:08:52 +0200


hi,

I checked it and it does not like to work...
BUT if you read the instructions carefully, it says:

 * This exploit does not work on 2.4.x because kernel won't set suid
 * privileges if user ptraces a binary.

and if you check: 
root@gate~# uname -nrs
Linux gate.polarhome.com 2.4.3-12

It will explain...

This kernel is not bug free at all, but that one is not the right exploit.

Regards, Z

>ozzy@gate~/hack$ ./epcs2
>bug exploited successfully.
>enjoy!
>sh-2.04$ exit
>ozzy@gate~/hack$ ./epcs2
>ptrace: PTRACE_ATTACH: Operation not permitted
>d0h! error!
>ozzy@gate~/hack$ date
>Thu Sep 20 03:20:32 CEST 2001
>The source of the local exploit is /home/o/ozzy/hack/epcs2.c
>Works the first time only after system reboot.
>Actually it is for Slackware but obviously works on RedHat 7.1.
>^_^
>Best wishes!
>	Ventsislav Nikolov