Alessandro Mauri
72c217d74a
this branch will contain a version of us which doesn't use a subshell as a proxy but directly applies the privilege escalation to the command
17 lines
839 B
Plaintext
17 lines
839 B
Plaintext
- Modify the following environment variables: (listed in environ(7))
|
|
* USER -> to target user
|
|
* LOGNAME -> to target user
|
|
* SHELL -> to the target user's SHELL
|
|
* HOME -> to the target user's HOME
|
|
|
|
- fork before exec, that is because processes might try to kill us or the
|
|
command but since they may run under elevated privileges they will get
|
|
permission denied error. If we remain the parent processes, unprivileged
|
|
proceses can send signals to us and we will relay them to our children
|
|
running at the same privilege as us. This is useful when:
|
|
- The child command hangs and we want to cose it, kinda
|
|
problematic but we could run kill with us as well
|
|
- The parent shell dies and children need to be killed, then
|
|
since one of their children (us) has higher privileges
|
|
they can't kill us and we would end up as zombies
|