I love how your content is highly detailed and explained from scratch, bunch of other security fellas on yt are just like "they sent this request and big bang boom Apple got hacked" and then uploaded with a fancy title just to get non-tech related viewers
Not all systems rely on setuid for /bin/ping, some use a different scheme (setcap? I do not remember exactly). Nowadays you see it less and less, actually. Good observation.
that's where the setuid bit comes to play, when a binary has the setuid bit set. it always executes as root. doesn't matter what user tries to run it and about what you said, sudo doesn't check for the user who's running it, it checks for the owner of the file it will write to, and that's also where links comes to play, see if the a link "A" points to a file "B", when you check the owner for the link "A" you actually get the owner of "B" (unless you're specifically handling the case where A is a link which I guess sudo is not) I hope that clears stuff for you
very cool
obamna
no u
I love how your content is highly detailed and explained from scratch, bunch of other security fellas on yt are just like "they sent this request and big bang boom Apple got hacked" and then uploaded with a fancy title just to get non-tech related viewers
Dude i just find you and i 10 min in i realised yt need more genuin and competent ppl like you :)
very helpful explanation, thank you.
ls -l /bin/ping, why ping has no suid bit?
Not all systems rely on setuid for /bin/ping, some use a different scheme (setcap? I do not remember exactly). Nowadays you see it less and less, actually. Good observation.
love the detailed explanation !!!!!
from liveoverflow's live stream overflow
Here from liveOverflows stream!
Good stuff..
what is your working environment ?
wow look at you, mr hacker boy
i dont get it, you make the bad link, but then you check "if root, write the shet", but you arent root?
that's where the setuid bit comes to play, when a binary has the setuid bit set. it always executes as root. doesn't matter what user tries to run it
and about what you said, sudo doesn't check for the user who's running it, it checks for the owner of the file it will write to, and that's also where links comes to play, see if the a link "A" points to a file "B", when you check the owner for the link "A" you actually get the owner of "B" (unless you're specifically handling the case where A is a link which I guess sudo is not)
I hope that clears stuff for you
@@hamidcrazy9027 setuid flag means running the flag as the user who owns it
from Liveoverflow....