-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 10 Sep 2002, Cloud Ass wrote: > There exsists a local root in slackware 7.1 in the efstool package, here is > an exploit. Quick fix just chmod efstool -s. Enough said, any questions feel > free to e-mail me back. That's actually kind of interesting, since Slackware 7.1 and previous versions didn't install efstool or bonobo. Each version of Slackware has a MANIFEST.gz file which lists everything that is installed during a full install. The following was performed on a Slackware 8.1 system: # grep efstool /var/log/packages/* /var/log/packages/bonobo-1.0.20-i386-1:36:usr/bin/efstool # ls -l /usr/bin/efstool - -rwxr-xr-x 1 root bin 14308 May 5 18:44 /usr/bin/efstool* # ncftpget ftp://ftp.slackware.com/pub/slackware/slackware-7.1/slakware/MANIFEST.gz MANIFEST.gz: 766.91 kB 4.45 kB/s # zgrep bonobo MANIFEST.gz 33702:-rw-r--r-- root/root 5279 2000-05-30 01:37 usr/share/glade/gnome/gnome-bonobo-check.m4 # zgrep efstool MANIFEST.gz # Compare with Slackware 8.0 and 8.1: # ncftpget ftp://ftp.slackware.com/pub/slackware/slackware-8.0/slakware/MANIFEST.gz MANIFEST.gz: 1.37 MB 4.51 kB/s # zgrep efstool MANIFEST.gz 36086:-rwxr-xr-x root/root 11224 2001-05-20 17:06 opt/gnome/bin/efstool # ncftpget ftp://ftp.slackware.com/pub/slackware/slackware-8.1/slackware/MANIFEST.gz MANIFEST.gz: 1.56 MB 4.37 kB/s # zgrep efstool MANIFEST.gz 35115:-rwxr-xr-x root/bin 14308 2002-05-05 18:44:05 usr/bin/efstool After changing the path to efstool in efstool.c, I ran the exploit on Slackware 8.1. $ gcc -o efstool_exploit efstool.c $ ./efstool_exploit Segmentation fault $ Interesting, but it's hardly a root exploit since efstool is not suid. And claiming that there is a local root exploit in Slackware 7.1 is just plain wrong. Enjoy dentonj -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9gECUZLAxqqBWfgYRAqL+AJoCuORXVehDHt1E8fqQRqXFPkpS0ACfVgKN AMN6AryEibmp3SatrOPeM4c= =WUy4 -----END PGP SIGNATURE-----
