help-bash

Re: Understanding Interpreter Spoofing


From: Alex fxmbsw7 Ratchev
Subject: Re: Understanding Interpreter Spoofing
Date: Sat, 4 Dec 2021 11:19:12 +0100

( setuid _(_ root spoofing ) ) attacks

no idea, you can maybe with some know-magic gdb remote bash process

but never heard such you write
an interpreter spoofing would be a bash parsing translayer that does what
it wants

On Sat, Dec 4, 2021, 11:12 iam_chunky_pie via <help-bash@gnu.org> wrote:

> Hello everyone,
>
> Noob here. I'm teaching myself bash and have come to a section regarding
> interpreter spoofing. I feel confident (but could be wrong,) I understand
> the concept based on what I've learned (I'll spare everyone a review.)
>
> However, I'm not able to reproduce the spoof? I've googled "interpreter
> spoofing," "setuid root spoofing attacks" but all I get in return is the
> theory on what it is and how to avoid it. Has this vulnerability been fixed
> in bash or in Linux in general? I believe while trying to find an answer on
> my own, I saw something to that effect that suid and sguid are basically
> not allowed anymore in Linux and thought maybe something similar applied to
> how the shell uses that magic line to run scripts. Below is the sample
> script I tried to spoof and the commands I ran to try to reproduce the
> spoof.
>
> Sample Script:
> #!/bin/bash
> echo "did you pop a shell!"
>
> Commands:
> chmod 4750 script
> mv script ~/-i
> oldPATH=$PATH
> PATH=.
> -i
>
> I get the output from the echo command but when I check ps, it still only
> shows one bash process. I was just gonna give up trying to replicate the
> spoof, move on and just settle for understanding the theory but thought
> this was a good opportunity to participate in this mailing list and start
> learning the social norms of mailing lists in general (and of course learn
> more bash!) PS - I'll be less verbose in the future, I have a habit of
> feeling like I don't explain myself clearly enough : /
>
> Regards,
>
> Chunky Pie
> "I'm chunky and I'm funky" - Action Bronson
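
An added example, not part of either message in this thread: a POSIX shell audit function that finds the kind of file the quoted commands create, a setuid or setgid regular file whose content starts with `#!`, and notes when its name begins with `-`. The function name and output format are assumptions of this example. The Linux kernel ignores the setuid and setgid bits when it executes a `#!` script, so a hit is a stray permission bit to clear, not a working privilege grant.

```shell
#!/bin/sh
# Added example (not from the thread). Hypothetical helper name and output format.
# Prints one line per finding: <path> TAB <interpreter line> TAB <note>
# Limitation: paths containing newlines are not handled.

audit_setid_scripts() {
    root=${1:-.}
    # Regular files with the setuid (4000) or setgid (2000) bit set.
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r path; do
        # First two bytes as hex; "2321" is "#!". Hex avoids NUL-byte
        # trouble when the file is a binary.
        magic=$(dd if="$path" bs=2 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
        [ "$magic" = "2321" ] || continue

        # Interpreter and its argument, as written on the first line.
        interp=$(sed -n '1{s/^#![[:space:]]*//p;q;}' "$path")

        # A basename starting with "-" can be read as an option by
        # whatever program receives it as an argument.
        case ${path##*/} in
            -*) note="name-starts-with-dash" ;;
            *)  note="-" ;;
        esac

        printf '%s\t%s\t%s\n' "$path" "$interp" "$note"
    done
}

# Stand-alone use: sh audit.sh /some/directory
if [ "$#" -gt 0 ]; then
    audit_setid_scripts "$1"
fi
```

Clear a reported bit with `chmod u-s,g-s ./path`; the leading `./` keeps a dash-prefixed name from being parsed as an option.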
