help-bash

Re: Understanding Interpreter Spoofing


From: Alex fxmbsw7 Ratchev
Subject: Re: Understanding Interpreter Spoofing
Date: Sat, 4 Dec 2021 11:20:47 +0100

i mean it could implement a setuid root start and if no meattacker is drop
the rights

On Sat, Dec 4, 2021, 11:19 Alex fxmbsw7 Ratchev <fxmbsw7@gmail.com> wrote:

> ( setuid _(_ root spoofing ) ) attacks
>
> no idea, you can maybe with some know-magic gdb remote bash process
>
> but never heard such you write
> an interpreter spoofing would be a bash parsing translayer that does what
> it wants
>
> On Sat, Dec 4, 2021, 11:12 iam_chunky_pie via <help-bash@gnu.org> wrote:
>
>> Hello everyone,
>>
>> Noob here. I'm teaching myself bash and have come to a section regarding
>> interpreter spoofing. I feel confident (but could be wrong,) I understand
>> the concept based on what I've learned (I'll spare everyone a review.)
>>
>> However, I'm not able to reproduce the spoof? I've googled "interpreter
>> spoofing," "setuid root spoofing attacks" but all I get in return is the
>> theory on what it is and how to avoid it. Has this vulnerability been fixed
>> in bash or in Linux in general? I believe while trying to find an answer on
>> my own, I saw something to that effect that suid and sguid are basically
>> not allowed anymore in Linux and thought maybe something similar applied to
>> how the shell uses that magic line to run scripts. Below is the sample
>> script I tried to spoof and the commands I ran to try to reproduce the
>> spoof.
>>
>> Sample Script:
>> #!/bin/bash
>> echo "did you pop a shell!"
>>
>> Commands:
>> chmod 4750 script
>> mv script ~/-i
>> oldPATH=$PATH
>> PATH=.
>> -i
>>
>> I get the output from the echo command but when I check ps, it still only
>> shows one bash process. I was just going to give up trying to replicate the
>> spoof, move on and just settle for understanding the theory but thought
>> this was a good opportunity to participate in this mailing list and start
>> learning the social norms of mailing lists in general (and of course learn
>> more bash!) PS - I'll be less verbose in the future, I have a habit of
>> feeling like I don't explain myself clearly enough : /
>>
>> Regards,
>>
>> Chunky Pie
>> "I'm chunky and I'm funky" - Action Bronson
>
>
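
Added example, not part of either poster's message: a defensive audit for the setup the question describes. It lists setuid/setgid files that are `#!` scripts and flags a name beginning with `-` or an interpreter line with no `-`/`--` option terminator; Linux ignores the setuid bit on `#!` scripts, so such files deserve review rather than trust. The function name `audit_suid_scripts` and the note labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a directory tree for setuid/setgid *scripts*.
# audit_suid_scripts is a hypothetical helper name, not a bash builtin.
# Output: one line per finding, tab-separated: path, interpreter line, notes.
# Limitation: paths containing newlines are not handled.

audit_suid_scripts() {
    dir=${1:-.}
    # -perm -4000 matches the setuid bit, -perm -2000 the setgid bit (POSIX find).
    find "$dir" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r path; do
        # Read only the first line; keep it even if the file has no newline.
        first=
        IFS= read -r first 2>/dev/null < "$path" || :
        case $first in
            '#!'*) ;;           # interpreter line: this is a script
            *) continue ;;      # compiled binary or data: out of scope here
        esac
        notes=
        # A file name starting with "-" can be read as an option by the
        # interpreter (the thread's "mv script ~/-i" sets up exactly that).
        case ${path##*/} in
            -*) notes="$notes name-starts-with-dash" ;;
        esac
        # "#!/bin/sh -" or "--" ends option parsing before the script name.
        case $first in
            *' -'|*' --') ;;
            *) notes="$notes no-option-terminator" ;;
        esac
        printf '%s\t%s\t%s\n' "$path" "$first" "${notes# }"
    done
}
```

Run it as `audit_suid_scripts /some/dir`; an empty result means no setuid or setgid scripts were found under that directory.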

