Created
March 31, 2011 15:42
# Terminal transcript (2011, dash): the setuid bit on a "#!" script has no effect,
# while setuid on the interpreter /bin/dash applies to every script dash runs.
# Between the two chmod commands on /bin/dash the machine has a setuid-root shell,
# so this belongs in a disposable VM, not on a shared or production host.
# NOTE(review): newer dash builds may drop privileges at startup unless started
# with -p, in which case the "root" lines below will not reproduce -- confirm.
$ echo -e "#"\!"/bin/dash\nwhoami" | sudo tee a.sh # create a script | |
#!/bin/dash | |
whoami | |
$ sudo chmod +x a.sh # add executable flag | |
$ ll # see root is the owner | |
... | |
-rwxr-xr-x 1 root root 19 2011-03-31 20:32 a.sh* | |
$ | |
$ ./a.sh # it will print my username | |
<my user name> | |
$ sudo chmod +s a.sh # +s with no "who" sets both setuid and setgid on the script | |
$ ./a.sh # still my username: Linux ignores set-id bits on "#!" interpreter scripts | |
<my user name> | |
$ # the cause of the above behavior: the kernel does not run a.sh itself, | |
$ # it executes the interpreter named on the "#!" line, i.e. /bin/dash a.sh, | |
$ # and the set-id bits of the script file are not applied to that process. | |
$ # Putting +s on /bin/dash instead changes the effective uid of every dash process: | |
$ sudo chmod +s /bin/dash # setuid+setgid root on the shell itself, for all local users | |
$ ./a.sh # whoami reports the effective uid, which is now root | |
root | |
$ | |
$ sudo rm -rf * # deletes everything in the current directory as root; check pwd first | |
$ echo -e "#"\!"/bin/dash\nwhoami" > a.sh # create a script | |
$ chmod +x ./a.sh # add executable flag | |
$ ll # now I am the owner | |
-rwxr-xr-x 1 <user name> <group name> 19 2011-03-31 20:30 a.sh | |
$ | |
$ ./a.sh # root again: script ownership is irrelevant while /bin/dash is setuid root | |
root | |
$ | |
$ # Finally, clear the set-id bits on dash again and confirm with ls -l /bin/dash | |
$ sudo chmod -s /bin/dash | |
# Audit: list any remaining set-id files with  find / -xdev -type f -perm /6000  (GNU find).
$ |