SUID Bit
Good list of things to look out for in SUID programs. Seriously, check it out:
If you want to get a root shell when exploiting SUID programs, note that by default bash and sh drop SUID privileges. Use the -p flag to avoid dropping privileges (only works for root).
Example C program for exploitation:
Symlink tip: for security reasons, you cannot read a symlink to /etc/shadow (and perhaps other files?) from the /tmp or /dev/shm folders, even as root, if that symlink wasn't created by you (this is the Linux fs.protected_symlinks hardening: a symlink inside a world-writable sticky directory is only followed when its owner matches the process following it or the owner of the directory). But you can do it from any user's home directory, for example. This can be important when exploiting suid or sudoers misconfigurations using symlinks.
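As an added defender-side companion to the two notes above (not part of the original page), this POSIX shell helper lists SUID/SGID files under a directory, flags shells and interpreters that would keep their elevated privileges under -p, and checks whether fs.protected_symlinks is enabled; the RISKY_NAMES list and the function names are my own assumptions.

```shell
#!/bin/sh
# Added audit helper, not from the original notes.
# Basenames that should practically never carry the SUID/SGID bit (assumed list):
# a SUID shell started with -p keeps the elevated euid instead of dropping it.
RISKY_NAMES="bash sh dash zsh ksh python python3 perl ruby env find vim less more"

is_risky_name() {            # $1 = path; succeeds if its basename is in RISKY_NAMES
    base=${1##*/}
    for n in $RISKY_NAMES; do
        [ "$base" = "$n" ] && return 0
    done
    return 1
}

audit_setuid() {             # $1 = directory; prints one tagged line per SUID/SGID file
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        if is_risky_name "$f"; then echo "RISKY $f"; else echo "ok    $f"; fi
    done
}

count_risky_setuid() {       # $1 = directory; echoes the number of RISKY entries
    audit_setuid "$1" | grep -c '^RISKY ' || true
}

protected_symlinks_ok() {    # $1 = sysctl file (default: the live kernel value)
    f=${1:-/proc/sys/fs/protected_symlinks}
    [ -r "$f" ] || return 2  # not Linux, or the sysctl is not exposed
    read -r v < "$f"
    [ "$v" = "1" ]           # 1 = symlinks in sticky world-writable dirs are restricted
}

# Usage: sh suid_audit.sh DIR   (with no argument only the functions are defined)
if [ $# -gt 0 ]; then
    audit_setuid "$1"
    echo "risky SUID/SGID entries under $1: $(count_risky_setuid "$1")"
    if protected_symlinks_ok; then
        echo "fs.protected_symlinks=1: other users' symlinks in /tmp are not followed"
    else
        echo "fs.protected_symlinks is not 1; enable it with: sysctl -w fs.protected_symlinks=1"
    fi
fi
```

Run it as root against / to cover the whole system; a RISKY line means a shell or interpreter carries a setuid/setgid bit and should be corrected with chmod u-s,g-s unless there is a documented reason.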