Alright, so I have a setuid program that forks and executes a program. I can control what program it executes, but if I run something like /bin/bash, I won't get the shell, since the program forks, so I don't have access to its stdin/stdout. What should I execute so I get access to a root shell?
The program basically runs tidy with execlp, so I can add . to the path and add anything to a tidy executable in the current dir. I ran the program I needed to run, but I get extra credit if I get a shell.
@kensp You'll need to include the SUID/SGID bit(s) on the resulting executable and then have it owned by root to have it SUID root. As for the root shell aspect, you need to either inherit the pointers to STDIN and STDOUT or replace the SUID image by having the parent process call `exec(3)` after some potential information from the child is received.
@architect actually the program dropped privs right at the start. They thought of that...
Still fun tho.
Linux Geeks doing what Linux Geeks do..
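Seen from the defender's side, the weakness discussed in this thread is that `execlp` resolves a bare program name through the caller's `PATH`. The following is an added example, not code from the thread; the `/usr/bin/tidy` location and the function names are assumptions. It flags a `PATH` containing current-directory entries and launches the helper by absolute path with a fixed environment:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Assumed install location of tidy; adjust for the target system. */
#define TIDY_PATH "/usr/bin/tidy"

/* Returns 1 if a PATH value has an entry that resolves relative to the
 * current directory: an empty entry, ".", or anything not starting with '/'.
 * An unset or empty PATH is conservatively reported as unsafe. */
int path_has_unsafe_entry(const char *path)
{
    if (path == NULL || *path == '\0')
        return 1;
    const char *p = path;
    for (;;) {
        size_t len = strcspn(p, ":");   /* length of the current entry */
        if (len == 0 || p[0] != '/')    /* "", ".", "./bin", "bin", ... */
            return 1;
        if (p[len] == '\0')             /* last entry checked, all absolute */
            return 0;
        p += len + 1;                   /* skip past the ':' separator */
    }
}

/* Hardened replacement for execlp("tidy", ...): absolute path, so PATH is
 * never searched, and a fixed environment instead of the caller's.
 * Only returns if execve fails. */
int exec_tidy_safely(char *const argv[])
{
    static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };
    execve(TIDY_PATH, argv, clean_env);
    perror("execve");
    return -1;
}

int main(void)
{
    /* Report whether the inherited PATH would let a bare name resolve
     * from the current directory. */
    const char *path = getenv("PATH");
    printf("inherited PATH is %s\n",
           path_has_unsafe_entry(path) ? "UNSAFE for bare-name exec" : "absolute-only");
    return 0;
}
```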