becoming root via NFS
Root Boy Jim
rbj at uunet.UU.NET
Wed Dec 19 15:51:08 AEST 1990
In article <111544 at convex.convex.com> tchrist at convex.COM (Tom Christiansen) writes:
? It's really pretty easy to become root on the server if you can
? become root on the workstation. Become a non-root user who can create
? a directory. Create a directory on the server that's mode 777. Now
? go back to root and go to this directory, which you can write although
? the files will be owned by user ((unsigned short) -2).
I follow you so far, but...
? Do a mknod
? giving it the major,minor numbers of /dev/mem on the server,
? not the workstation.
Um, only root can do a mknod, `nobody' can't.
? Make it mode 666. Return to the server as a normal
? user, adb your new /dev/mem device and scribble at will. My favorite
? scribble is to punch the uid of my shell to be 0 in the proc structure.
I tried this another way. Entice someone to mount a filesystem from
your machine. Then, as root on your own machine, do a mknod. Get onto
the server as a regular user and access the device. But wait! Devices
don't work across NFS! So no good there either.
? Tom Christiansen tchrist at convex.com convex!tchrist
--
Root Boy Jim Cottrell <rbj at uunet.uu.net>
Close the gap of the dark year in between
More information about the Comp.unix.internals
mailing list