On Sat, Apr 13, 2019, 5:56 AM Eli Schwartz wrote:
> But that still isn't a bug in bash. It's more along the lines of a
> social engineering exploit.
>
Kids.
--
konsolebox
>
On 4/12/19 5:56 PM, Vladimir Marek wrote:
> It escapes me how changing your own $PATH makes another user execute
> files in /tmp. And if someone has /tmp in $PATH moreover before anything
> else (or . for that matter) he deserves it. Right?
I assume the idea is to escalate write access to another
It escapes me how changing your own $PATH makes another user execute
files in /tmp. And if someone has /tmp in $PATH moreover before anything
else (or . for that matter) he deserves it. Right?
--
Vlad
> I written an exploit which allow to became root when a normal user use sudo.
> The f
On 4/12/19 5:38 PM, bakzero wrote:
> Hi,
> I written an exploit which allow to became root when a normal user use sudo.
> The following code add to the .bashrc configuration file the /tmp path. Then
> when the user exec sudo he runs the fake one, giving you a root shell. Just
> run it, when the
Hi,
I written an exploit which allow to became root when a normal user use sudo.
The following code add to the .bashrc configuration file the /tmp path. Then
when the user exec sudo he runs the fake one, giving you a root shell. Just run
it, when the normal user will use sudo you will get a root
