su: not running setuid
Christopher Cowart
ccowart at rescomp.berkeley.edu
Tue Oct 23 14:47:44 PDT 2007
On Tue, Oct 23, 2007 at 09:09:04PM +0100, Adam J Richardson wrote:
> Christopher Cowart wrote:
>> Unless you can find some local privilege escalation exploit, I'm
>> thinking you're stuck. You can probably fix it in single-user mode:
>> * Reboot
>> * Pick single user mode from the boot menu
>> * Accept the default shell
>> $ fsck -p
>> $ mount -u /
>> $ mount -a -t ufs
>> $ chown root /usr/bin/su
>> But if the command above ran to completion, you probably have a mess of
>> permissions on your filesystem. You may want to look into rebuilding /
>> reinstalling world while you're in single.
>
> What about going to single user mode and editing /etc/passwd so the "root"
> line has the username "uname"? Or add user "uname" with UID 0?
The chown command would have looked up "uname" via libnss and used the
numeric UID to alter the filesystem entries. The most you could do here
is change the symbolic name for the "uname" user and make the ls -l
output look different. Either way, you're stuck with the files on the
filesystem not being owned by UID 0. I would highly recommend not
mucking with /etc/passwd and letting rebuild world fix things.
--
Chris Cowart
Lead Systems Administrator
Network & Infrastructure Services, RSSP-IT
UC Berkeley
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 825 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20071023/2663bc69/attachment.pgp
More information about the freebsd-questions
mailing list