[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Potential Bash Script Vulnerability
|
From: |
Greg Wooledge |
|
Subject: |
Re: Potential Bash Script Vulnerability |
|
Date: |
Sun, 7 Apr 2024 17:49:22 -0400 |
On Mon, Apr 08, 2024 at 12:23:38AM +0300, admin@osrc.rip wrote:
> - Looks for list of PIDs started by the user, whether it's started in
> terminal or command line, and saves them into $DotShProcessList
> - Takes $DotShProcessList and filters out those that don't have root access.
> Those that do are saved into $UserScriptsRunningAsRoot
> - Searches for file names of $UserScriptsRunningAsRoot processes in
> /home/$USER (aka ~) and save it to $ScriptFiles
So your "vulnerability" requires that the attacker has unprivileged
access to the system, and locates a shell script which is owned by a
second unprivileged user, and for some reason has world write access,
and is also currently being executed by root?
In that scenario I would say the real problem is that the second user
is leaving world-writable files sitting around. If the attacker finds
such scripts, they can edit them ahead of time, and simply wait for
the second user to execute them via sudo. There's no need to find the
script being executed in real time.
- Potential Bash Script Vulnerability, admin, 2024/04/07
- Re: Potential Bash Script Vulnerability, Jon Seymour, 2024/04/07
- Re: Potential Bash Script Vulnerability, Kerin Millar, 2024/04/07
- Re: Potential Bash Script Vulnerability, admin, 2024/04/07
- Re: Potential Bash Script Vulnerability, Robert Elz, 2024/04/08
- Re: Potential Bash Script Vulnerability, Greg Wooledge, 2024/04/08
- Re: Potential Bash Script Vulnerability, admin, 2024/04/08
- Re: Potential Bash Script Vulnerability, Greg Wooledge, 2024/04/08
- Re: Potential Bash Script Vulnerability, Andreas Schwab, 2024/04/08
- Re: Potential Bash Script Vulnerability, admin, 2024/04/08