[Sunhelp] About top
Doug McLaren
dougmc at frenzy.com
Fri Oct 20 19:27:29 CDT 2000
On Sat, Oct 21, 2000 at 12:55:54AM +0100, Leon Halford wrote:
| Game Over.
Do you always quote entire messages, just to add one line of
gibberish?
Does this mean that you've done all of this - ?
But I suggest that you go ahead and set it to setgid
sys on your site. Make sure your user is NOT in the sys group (he
shouldn't be) and then use top to gain arbitrary read access to
/dev/kmem. I don't think you can do it, even if you DO do some
programming.
Again, you get bonus points if you can use this to get root access.
(but that's not the hard part. The hard part is getting the setgid
sys top to give you a GID sys shell.)
The source code may help you out. You can get it at
ftp://ftp.groupsys.com/pub/top.
If so, I trust you'll be providing us with the exact detals of how you
did it (the command `script' is great for logging things like this) so
that we can provide them to the top maintainer and he can fix
whichever hole you may have found?
--
Doug McLaren, dougmc at frenzy.com The Ranger isn't gonna like it, Yogi.
More information about the SunHELP
mailing list