From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <14ec7b180802221023j472a7953v70c31da9ed1c0563@mail.gmail.com> Date: Fri, 22 Feb 2008 11:23:57 -0700 From: "andrey mirtchovski" To: "Fans of the OS Plan 9 from Bell Labs" <9fans@cse.psu.edu> Subject: Re: [9fans] a challenge In-Reply-To: <13426df10802220953q3af4a1aarf93acaaebfedc9b@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <13426df10802220953q3af4a1aarf93acaaebfedc9b@mail.gmail.com> Topicbox-Message-UUID: 5eed730a-ead3-11e9-9d60-3106f5b1d025 well, i checked the source. turns out bash 3.2 drops privileges if uid != euid and requires the -p flag to allow itself to run in setuid mode: $ cp /bin/bash . $ sudo chown root bash $ sudo chmod 4755 bash $ ./bash -p # id uid=500(andrey) gid=500(andrey) euid=0(root) groups=500(andrey) # whoami root # that doesn't make me like Plan 9 any less, you know :) On Fri, Feb 22, 2008 at 10:53 AM, ron minnich wrote: > here is a challenge. I realize it's linux but I think this is the > right group to ask anyway; I think you'll appreciate the humor in it. > So far few I have talked to have gotten it. > > There is a file, called /bin/bash. > > You are allowed to do this as root. > cp this file to /tmp. Do something to it to make it so that, when you > are not root, you can run the file in /tmp and get a root shell. > > Don't assume the obvious. And please don't post "that's trivial" until > you have actually done it. > > ron >