Small program calling /bin/bash

Milosevic · 12-13-2005, 10:04 PM

Hi. I'm having some problems trying to understand what is going on here. Here's the program code:

Code:

//---------------file.c--------------
#include <unistd.h>

int main()
{
    execl("/bin/bash","bash",NULL);
    return 0;
}
//------------------End of file.c--------------

Then i compiled it and changed the permissions to the following:

-rwsrwxrwx 1 root root 11051 2005-12-14 01:57 file//SUID here
-rw-r--r-- 1 milosevic users 105 2005-12-14 01:48 file.c

Finally:
milosevic@slackws:~/c$ ./file
milosevic@slackws:~/c$ id
uid=1000(milosevic) gid=100(users) groups=100(users),11(floppy),17(audio),19(cdrom)

I just don't understand why i'm still milosevic, and not root.

Milosevic.

unSpawn · 12-14-2005, 09:09 AM

I'm having some problems trying to understand what is going on here.
I think you think you're trying to get some rootshell dropping thing going.

I just don't understand why i'm still milosevic, and not root.
Well, all it does is exec a shell. What you probably want is tricking a process with enough privileges in prepping the rootshell *for* you.

Mind you, LQ - Security is more sort of a Whitehat forum. We understand that basic knowledge of Blackhat-fu is a necessity, but we don't encourage anyone to post detailed questions about or replies or HOWTO's about the workings of exploits, with the exception of questions in case your box was breached using one. If you want to increase your Blackhat-fu mana, then please do so outside of LQ. TIA.