spawning a root shell as user

Message

irondog · Post by **irondog** » Wed Jun 02, 2004 8:02 pm

I'm trying to give a normal user the power of of a root-shell.

I thought: "lets copy /bin/bash to ~ and give it the same permissions as /usr/bin/passwd" (as this executable makes me able to change /etc/passwd without being root

, so it must work)
So, people running the binary temporary obtain root privilleges, but it's not like that....

What is the mistake I make in this (mind / thinking) process?
Please don't ask me why I should want this, I'm just paranoid a sys-admin will update to a kernel without p-trace bug.

spb · Post by **spb** » Wed Jun 02, 2004 8:13 pm

Not sure I ought to be helping you with this, but I will say this much: read 'man bash'. Everything you need to know is in there.

searcher · Post by **searcher** » Wed Jun 02, 2004 8:35 pm

irondog wrote:Please don't ask me why I should want this, I'm just paranoid a sys-admin will update to a kernel without p-trace bug.

Sounds to me like you have no business getting root on that box, and that sys-admin probably should keep up to date. If you feel you have a legitimate need for root acces to a box, call the sysadmin and get him to setup sudo for you.

~searcher

ecatmur · Post by **ecatmur** » Wed Jun 02, 2004 8:40 pm

I'm pretty sure bash refuses to be run as a suid binary. If you really want to be able to suid to a shell you'll need to write a suid wrapper around system() (in C, natch).

irondog · Post by **irondog** » Wed Jun 02, 2004 8:44 pm

I think you are right. That's the problem. The idea is good (it worked with /bin/touch), but bash refuses it

spb · Post by **spb** » Wed Jun 02, 2004 8:56 pm

ecatmur wrote:I'm pretty sure bash refuses to be run as a suid binary. If you really want to be able to suid to a shell you'll need to write a suid wrapper around system() (in C, natch).

It can be made to run setuid. As I said, it's all in the man pages. By default if the effective UID is different to the real UID (i.e. it's a setuid binary), it doesn't load any environment, and sets euid to the real uid. But it can be made to do otherwise.

irondog · Post by **irondog** » Wed Jun 02, 2004 8:59 pm

ecatmur wrote:I'm pretty sure bash refuses to be run as a suid binary. If you really want to be able to suid to a shell you'll need to write a suid wrapper around system() (in C, natch).

The system function seems to spawn its argument in /bin/sh, causes the same problem. Trivially I have to setuid(0); seteuid(0); setgid(0); first before executing it.

I see no way to do this when calling /bin/bash from a shell as UID, GID and EUID are readonly.

spawning a root shell as user

spawning a root shell as user

Re: spawning a root shell as user