01-24-2012, 04:11 AM
Jayesh Badwaik
Linux Local Privilege Escalation via SUID /proc/pid/mem Write


I have just discovered this kernel exploit which allows a local user
to obtain root privileges. The detailed explanation is given at [1].
The patch has been apparently fixed in the kernel as of now (according
to the blog post), but that update has not yet come into archlinux.
And while /bin/su is fine and is not vulnerable to the exploit,
gpasswd is vulnerable and I am able to carry out the exploit on my
computer as of now, using the gpasswd program. The list of programs
that may be vulnerable is given by the following command:

[user@localhost]$ for p in $(echo $PATH | tr ':' ' '); do find "$p" -perm -4005; done

which gives in my system the following list [3]

Not all of them work, /bin/su does not work, nor does ping work.

Any news of any kind of update? By the way, here is the patch that is
available for the same [2].

[1] : http://blog.zx2c4.com/749

[2]: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=e268337dfe26dfc7efd422a804dbb27977a3cccc

[3] : /usr/bin/kppp

Jayesh Vinay Badwaik
Electronics and Communication Engineering
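
An added example, not part of the original post: the same -perm -4005 check as the command above, written as an audit function that copes with spaces and empty entries in the directory list and reports mode and owner for each hit. The function name list_suid_candidates is hypothetical, GNU find (-printf) is assumed, and the -maxdepth 1 and -type f restrictions are additions that the post's command does not have.

```shell
#!/bin/sh
# Added example: inventory set-uid files that "other" users can read and
# execute, i.e. the files matched by -perm -4005 in the post's command.

# list_suid_candidates [DIRLIST]
#   DIRLIST is a colon-separated list of directories (default: $PATH).
#   Prints one line per match, "<octal mode> <owner> <path>", sorted, unique.
list_suid_candidates() {
    dirlist=${1-$PATH}
    old_ifs=$IFS
    IFS=:
    set -f                          # no globbing while splitting on ':'
    for dir in $dirlist; do
        [ -n "$dir" ] || continue   # empty entry would mean ".", skip it
        [ -d "$dir" ] || continue   # ignore entries that do not exist
        # -maxdepth 1  command lookup does not descend into subdirectories
        # -type f      regular files only
        # -perm -4005  set-uid (4000) AND other-read (004) AND other-exec (001)
        find "$dir" -maxdepth 1 -type f -perm -4005 -printf '%m %u %p\n'
    done | sort -u
    set +f
    IFS=$old_ifs
}

# Usage: list_suid_candidates                  (scans $PATH)
#        list_suid_candidates "/usr/bin:/bin"  (scans the given directories)
```

Saving the output and diffing it after each package update shows when a new world-readable set-uid binary appears on the system.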
