so you use a hex editor to edit the binary

not good

then you play a vid ( as root ) not that good

then THAT VIDEO ( being a nicly hacked one calls curl to grab a file AS ROOT!!!!
now THAT IS VERY VERY BAD!!!!!

you just instilled a Trojan by playing a video AS ROOT

that is very BAD and you are a "Bleeped bleep" for doing it
Having your credit card stolen from the keyloger YOU LET BE INSTALLED is the least of your problems

That is funny. The guy probably's a wannabe hexer from windows.

If you are going to install a VLC build that allows running on root anyway, just
compile it with --enable-run-as-root.

You have such a good imagination.

And the guy probably thought of donwloading the file to be viewed locally and played it with VLC as root.
He also happens to be too unfortunate for having a vulnerable VLC version with vulnerable blob-parsing libraries
- with vulnerable builds that the exploit despite being generic was luckily able to compromise his system.
He also happens to have a very outdated system not having any kind of kernel-level protection - even
commonly default ones like PaX/NX and ASLR.

This is what worked for me. No compilation required.



VLC is not supposed to be run as root. Sorry. – Solution

Anyways, i installed vlc using following command ;

# aptitude install vlc

And tried to run vlc as root i got error on my terminal ;

# vlc

VLC is not supposed to be run as root. Sorry.

If you need to use real-time priorities and/or privileged TCP ports

you can use vlc-wrapper (make sure it is Set-UID root and

cannot be run by non-trusted users first).

This error says straight forward vlc can not be run as root privileged user. What to do now? Don’t be panic. Here is the hacked solution ��

# vi /usr/bin/vlc

search for geteuid and replace it with getppid

Save file & Exit.

Now it should work, try to run it again ��

or

sed -i 's/geteuid/getppid/' /usr/bin/vlc