Entries tagged setuid

So cunning you could brush your teeth with it.

8 October 2008 21:50

Let's take a look at a new tool available to Lenny & Sid:

apt-get source acon

int main(int argc,char **argv)
{
        int i,tty,useunicode=0;
        char *fontf=0,*translationf=0,*keymapf=0;

        get_ids();
        set_user_id();

        /*Read configure file if no input options*/
        if(argc<2)
        {
                char *env;
                FILE *fp;
                char font[300],translation[300],keymap[300];
                char tmp[300];

                font[0]=translation[0]=keymap[0]=0;
                if((env=getenv("HOME")))
                        sprintf(tmp,"%s/.acon.conf",env);
                else
                        strcpy(tmp,"/etc/acon.conf");

Hmmm. Nice use of the environment there. I wonder what permissions the binary has:

skx@gold:~$ ls -l /usr/bin/acon
-rwsr-xr-x 1 root root 48672 2008-06-09 10:50 /usr/bin/acon

setuid(0) - just say no.

ObTitle: Blackadder II
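
A bounded alternative to the path construction in the excerpt above, as an added example that is not acon's code or the post author's: the excerpt formats $HOME into a 300-byte buffer with sprintf inside a root-owned setuid binary. The function names build_conf_path and choose_conf_path, and the choice to take the home directory from the password database rather than the environment, are assumptions made for this example.

```c
/* Added example: config-path selection for a setuid program.
   Names and fallback policy are assumptions, not acon's code. */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <pwd.h>
#include <unistd.h>

#define SYSTEM_CONF "/etc/acon.conf"

/* Write "<home>/.acon.conf" into out. Returns 0 on success, -1 if home is
   unusable (NULL, empty, relative) or the result would not fit. */
int build_conf_path(char *out, size_t outsz, const char *home)
{
    int n;

    if (out == NULL || outsz == 0)
        return -1;
    out[0] = '\0';
    if (home == NULL || home[0] != '/')
        return -1;
    n = snprintf(out, outsz, "%s/.acon.conf", home);
    if (n < 0 || (size_t)n >= outsz) {  /* truncated: reject, do not use */
        out[0] = '\0';
        return -1;
    }
    return 0;
}

/* Choose the path without trusting $HOME: the invoking user controls the
   environment of a setuid binary, so look up the home directory of the
   real uid in the password database instead. */
int choose_conf_path(char *out, size_t outsz)
{
    struct passwd *pw = getpwuid(getuid());

    if (pw != NULL && build_conf_path(out, outsz, pw->pw_dir) == 0)
        return 0;
    /* Fall back to the system-wide file, again with a length check. */
    if (strlen(SYSTEM_CONF) >= outsz)
        return -1;
    strcpy(out, SYSTEM_CONF);
    return 0;
}

int main(void)
{
    char path[300];

    if (choose_conf_path(path, sizeof path) != 0)
        return 1;
    printf("%s\n", path);
    return 0;
}
```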


setuid/setgid binaries in Debian's Wheezy release?

7 June 2014 21:50

If anybody has access to a complete mirror of the Debian Wheezy release, and is willing to share a list of all setuid/setgid binaries, that would be greatly appreciated.

It doesn't seem to be something you can find online, so you need to manually unpack each .deb file and look at the permissions.

I don't have access to a (complete) local mirror, and so I cannot easily build such a thing, unless I go to ebay and buy a random DVD-archive.

This list would be useful for folk wanting to direct their audits.
