2007-11-20 03:22:48

By Tim Brown

Whilst I was browsing Slashdot today, I came across an interesting technique for trojaning sudo and other setuid() binaries. Essentially, the author highlights how, by ptrace'ing another shell of the same privilege, it is possible to intercept the execve() calls from the second shell and modify them in a programmatic fashion. The upshot is that the code the author supplies will intercept attempts to run sudo and change the supplied command to one of the attacker's choosing. It is of course limited by whatever rules sudo has been configured with, but it got me thinking about what other mean tricks we could play.
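A defender can spot the condition described above, a shell being ptrace'd by another process of the same user, from `/proc/<pid>/status`. The following check is an added example, not code from the Slashdot author; the shell name list, the constructed sample data and the tracer name `helper` are assumptions, and the `ptrace_scope` helper assumes a Linux kernel with the Yama LSM.

```python
import os

# Assumption: process names treated as interactive shells.
SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}

def parse_status(text):
    """Turn the 'Key: value' lines of /proc/<pid>/status into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key] = value.strip()
    return fields

def real_uid(fields):
    parts = fields.get("Uid", "").split()  # real, effective, saved, fs
    return parts[0] if parts else None

def traced_shells(statuses):
    """statuses maps pid -> status text; returns one tuple per traced shell:
    (pid, name, tracer_pid, tracer_name, tracer_has_same_real_uid)."""
    parsed = {pid: parse_status(text) for pid, text in statuses.items()}
    findings = []
    for pid, f in sorted(parsed.items()):
        tracer = int(f.get("TracerPid", "0") or 0)
        if tracer == 0 or f.get("Name") not in SHELLS:
            continue
        t = parsed.get(tracer, {})  # tracer may be hidden or already gone
        same = real_uid(f) is not None and real_uid(f) == real_uid(t)
        findings.append((pid, f["Name"], tracer, t.get("Name", "?"), same))
    return findings

def sibling_attach_allowed(ptrace_scope_text):
    """Yama: 0 lets any same-uid process attach; 1 and above restrict it."""
    return ptrace_scope_text.strip() == "0"

def read_proc(root="/proc"):
    statuses = {}
    for entry in os.listdir(root):
        if entry.isdigit():
            try:
                with open(os.path.join(root, entry, "status")) as fh:
                    statuses[int(entry)] = fh.read()
            except OSError:
                continue  # process exited while we were scanning
    return statuses

# Constructed sample: shell 4100 is traced by same-uid process 4242.
SAMPLE = {
    4100: "Name:\tbash\nPid:\t4100\nTracerPid:\t4242\nUid:\t1000\t1000\t1000\t1000\n",
    4242: "Name:\thelper\nPid:\t4242\nTracerPid:\t0\nUid:\t1000\t1000\t1000\t1000\n",
    4300: "Name:\tbash\nPid:\t4300\nTracerPid:\t0\nUid:\t1000\t1000\t1000\t1000\n",
}
```

On a live host, pass `read_proc()` to `traced_shells()` and the contents of `/proc/sys/kernel/yama/ptrace_scope` to `sibling_attach_allowed()`; a legitimate debugger session on a shell will also show up as a finding.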

Mood: Amused

Music: Nothing playing right now
