[Gambas-user] Gambas app run as root
Jussi Lahtinen
jussi.lahtinen at ...626...
Tue Oct 5 19:34:32 CEST 2010
I recompiled Gambas2 and it still doesn't work.
So, I run this project with gdb and I find something very worrying.
I edited that project so that line;
*hProcess = SHELL "su -c 'ls /root'" FOR INPUT OUTPUT*
is now:
*hProcess = SHELL "sudo whoami" FOR INPUT OUTPUT*
~/Desktop/su$ gbc2 -agpmt
~/Desktop/su$ sudo -k
~/Desktop/su$ gdb gbx2
GNU gdb (GDB) 7.1-ubuntu
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html
>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/local/bin/gbx2...done.
(gdb) set args -p
(gdb) run
Starting program: /usr/local/bin/gbx2 -p
[Thread debugging using libthread_db enabled]
*root*
FMain.Button1_Click.20: #42: System error. Bad file descriptor
0: FMain.Button1_Click.20
Mutex destroy failure: Device or resource busy
Program exited with code 01.
(gdb)
So this is nice way to get root without password!!!
Jussi
2010/10/5 Benoît Minisini <gambas at ...1...>
> > OK, here it is.
> >
> > Jussi
> >
> >
>
> Well, your little example works as expected there (Mandriva 2010.1 /
> x86-64).
>
> On Gambas 3, it works if you add 'As "Process"' after the SHELL instruction
> and replace LINE INPUT by the READ instruction.
>
> Note that you should use EXEC instead of SHELL. Not important, but with
> SHELL,
> you add an intermediate "sh" process that is useless.
>
> Regards,
>
> --
> Benoît Minisini
>
>
> ------------------------------------------------------------------------------
> Virtualization is moving to the mainstream and overtaking non-virtualized
> environment for deploying applications. Does it make network security
> easier or more difficult to achieve? Read this whitepaper to separate the
> two and get a better understanding.
> http://p.sf.net/sfu/hp-phase2-d2d
> _______________________________________________
> Gambas-user mailing list
> Gambas-user at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/gambas-user
>
More information about the User
mailing list