ugh, Linux ignores setuid on shell scripts because people are bad at writing shell scripts. so now i have a bunch of elfs w/ system()
-
-
Replying to @int10h
No, the reason is much more subtle. There's an inherent race between kernel invoking suid interpreter & interpreter opening script.
1 reply 0 retweets 0 likes -
Replying to @RichFelker @int10h
In this race window you can rm the [symlink/hardlink to the] script and replace it with a malicious one.
2 replies 0 retweets 0 likes
Replying to @RichFelker @int10h
Setuid should just be banned (mount w/nosuid), instead use ssh to localhost w/ forced-command and no passphrase on key.
10:48 AM - 14 Mar 2017
0 replies
0 retweets
1 like
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.