executing chroot and you can impersonate it
lexavey opened this issue · comments
Hi,
I received this message but it rather vague and I was wondering if someone could point me in the right direction.
-rwsr-xr-x 1 root root 2.3M Jul 6 2021 /usr/local/sbin/suphp (Unknown SUID binary!)
--- It looks like /usr/local/sbin/suphp is executing chroot and you can impersonate it (strings line: chroot) (https://tinyurl.com/suidpath)
--- It looks like /usr/local/sbin/suphp is executing clear and you can impersonate it (strings line: clear) (https://tinyurl.com/suidpath)
--- It looks like /usr/local/sbin/suphp is executing info and you can impersonate it (strings line: info) (https://tinyurl.com/suidpath)
--- It looks like /usr/local/sbin/suphp is executing logger and you can impersonate it (strings line: logger) (https://tinyurl.com/suidpath)
--- It looks like /usr/local/sbin/suphp is executing rename and you can impersonate it (strings line: rename) (https://tinyurl.com/suidpath)
--- It looks like /usr/local/sbin/suphp is executing reset and you can impersonate it (strings line: reset) (https://tinyurl.com/suidpath)
-rwsr-xr-x 1 root root 32K Aug 4 2017 /usr/bin/umount ---> BSD/Linux(08-1996)
-rwsr-xr-x 1 root root 32K Aug 4 2017 /usr/bin/su
-rws--x--x 1 root root 24K Aug 4 2017 /usr/bin/chfn ---> SuSE_9.3/10
-rwsr-xr-x 1 root root 77K Nov 6 2016 /usr/bin/gpasswd
-rwsr-xr-x 1 root root 41K Nov 6 2016 /usr/bin/newgrp ---> HP-UX_10.20
-rws--x--x 1 root root 24K Aug 4 2017 /usr/bin/chsh
-rwsr-xr-x 1 root root 63K Nov 6 2016 /usr/bin/chage
-rwsr-xr-x 1 root root 44K Aug 4 2017 /usr/bin/mount ---> Apple_Mac_OSX(Lion)_Kernel_xnu-1699.32.7_except_xnu-1699.24.8
-rwsr-xr-x 1 root root 28K Jun 10 2014 /usr/bin/passwd ---> Apple_Mac_OSX(03-2006)/Solaris_8/9(12-2004)/SPARC_8/9/Sun_Solaris_2.3_to_2.5.1(02-1997)
thank you for all your hard work.
Hey @lexavey,
you actually have a link explaining that in each line: https://tinyurl.com/suidpath
Feel free to reopen the issue if that doesn't help