Re: [ALUG] Help with Setuid?

1 Jul 2013


      Sorry late to the party.
You have to be very careful with setuid.
For example if you setuid mount.cifs to root then what is stopping 
anyone with access to that machine from doing something nasty and 
unsporting like overmounting /root/.ssh with a copy containing their own 
keys ?
Or is mount.cifs clever enough to determine you aren't really root and 
not overmount like that ?
Honestly one of the first things I do when trying to secure a box (and 
almost certainly one of the first things I'd try if I was looking to get 
root on a box when I shouldn't have it) is run
find / -perm -4000 -print
and see if anything interesting pops up.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

1997

Re: [ALUG] Help with Setuid?