Hacker News
by
stackghost
57 days ago
The call to zlib basically overwrites a minimal ELF into a portion of the `su` binary, which execve's /bin/sh.
1 comments
Sophira
57 days ago
To be specific, the zlib'd binary basically does this (except that it directly uses Linux syscalls to do so rather than C wrappers):
setuid(0); execve("/bin/sh", NULL, NULL); exit(0);