On Sun, 1 Aug 2021 12:41:58 +0200, aitor wrote in message <a72e45a0-ab40-6257-5a39-91a7dd679...@gnuinos.org>:
> Hi,
>
> On 1/8/21 1:39, aitor wrote:
> > I'm looking for a safer way to run the binary with suid permissions
> > using the shared memory of the system to send a signal.
>
> Some time ago somebody told me: "you can do nothing from your binary that
> I can't do externally from another binary".
>
> So, am I wasting time? ..nope.
>
> Today I've been testing the idea and it's working for me. I'd like to
> prepare an example and share it with all of you to resolve
> vulnerabilities. The example consists of a window with a button (to
> run the suid binary) and another binary -the intruder- located in the
> same directory and trying to do the same by using the other party's
> PID pretending to be the window.

..you're being too damned naive: Why would the intruder not try
to e.g. use your PID?

> The result is a segmentation fault.

..which I would argue is good, unless you are trying to set up
some sort of honey trap. For a public etc service, log what
you need and restart that service.

> I insist on trying to find the safest approach to run the suid binary
> because this is important not only for simple-netaid, but also for
> hopman, which will require granted permissions for running the
> *eject* command or the like (among others?).
>
> Cheers,
>
> Aitor.

..that eject command can be used with a CD player to push a
reset or power switch button. ;o)

--
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three:
best case, worst case, and just in case.