John Simpson wrote:
> this only works if the user un-zipping the file is already root.
> otherwise it creates an "sh" binary which is setuid to the user
> who unzipped the file. this kind of "exploit" is only useful if
> you can somehow trick root into unzipping the file- it cannot be
> used to gain...
> this only works if the user un-zipping the file is already root.
> otherwise it creates an "sh" binary which is setuid to the user
> who unzipped the file. this kind of "exploit" is only useful if
> you can somehow trick root into unzipping the file- it cannot be
> used to gain...
[ more ]