Cleanup is_root? method for Linux::Priv / Solaris::Priv #10634

Merged
merged 1 commit into from Sep 13, 2018

bcoles commented Sep 13, 2018

This PR cleans up the is_root? method for Msf::Post::Linux::Priv and Msf::Post::Solaris::Priv.

The Solaris implementation assumed the user was root, unless the results of the id command indicated otherwise. It also did not raise if an error was encountered. This was problematic, as if the cmd_exec call failed for any reason, the method would return true. This PR brings the Solaris implementation in line with the Linux implementation, by first cleaning the user ID before comparison, and raising if something goes wrong.

The Linux implementation was fine; however, the logic was a little redundant. It assumed false, then took a code branch containing a nested code branch that set true or false. I cleaned it up while I was at it. It's now identical in function to the Solaris implementation, differing only in the path to the id executable.
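
The difference between the two behaviours described in this PR, as an added illustration (this is not Metasploit's code; the method names, the validation regex and the sample replies are assumptions made for the example): a check that defaults to root reports `true` when the `id` command returns nothing, while a check that validates the UID first raises instead.

```ruby
# Added illustration; hypothetical method names, not the project's API.
# Each method takes the raw text an `id -u` style command returned.

# Fail-open: root is assumed unless the reply proves otherwise, so an
# empty or unparseable reply is reported as root.
def root_fail_open?(id_output)
  root = true
  uid = id_output.to_s[/\d+/]
  root = false if uid && uid != '0'
  root
end

# Fail-closed: clean the reply, require a purely numeric UID, and raise
# when none can be determined instead of guessing.
def root_fail_closed?(id_output)
  uid = id_output.to_s.strip
  raise "Could not determine UID: #{id_output.inspect}" unless uid.match?(/\A\d+\z/)
  uid == '0'
end

# Constructed sample replies (not captured from a real host): root,
# an unprivileged user, a failed command, and a shell error message.
SAMPLES = ["0\n", "1000\n", '', "sh: id: not found\n"].freeze

# Run both checks over each reply; a raised error is recorded as its message.
def compare(samples)
  samples.map do |out|
    strict = begin
      root_fail_closed?(out)
    rescue RuntimeError => e
      e.message
    end
    [out, root_fail_open?(out), strict]
  end
end

compare(SAMPLES).each do |out, open, strict|
  puts format('%-24p fail-open=%-5s fail-closed=%s', out, open, strict)
end
```

Callers that branch on the result should treat the raised error as "privilege unknown" rather than rescuing it into `true` or `false`.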

@bcoles bcoles added the library label Sep 13, 2018

@h00die h00die added the bug label Sep 13, 2018

@h00die h00die self-requested a review Sep 13, 2018

h00die Sep 13, 2018

Contributor

Solaris 10 non-root:

[*] is_root?
[*] false

Solaris 10 root:

[*] is_root?
[*] true

I did get a chance to have it bug on me, and it handled it well.

[*] is_root?
[-] Exploit failed: RuntimeError Could not determine UID: ""

Tested on Ubuntu 18.04, 16.04, Fedora 13, Solaris 10, root and user, both worked as expected.

@h00die

h00die approved these changes Sep 13, 2018

@h00die h00die merged commit 53a326c into rapid7:master Sep 13, 2018

2 of 3 checks passed

continuous-integration/travis-ci/pr: The Travis CI build failed
Metasploit Automation - Sanity Test Execution: Successfully completed all tests.
Metasploit Automation - Test Execution: Successfully completed all tests.

h00die added a commit that referenced this pull request Sep 13, 2018

h00die Sep 13, 2018

Contributor

Release Notes

This PR fixes a bug in is_root? on linux/solaris. It also helps sync the logic between the two modules.

msjenkins-r7 added a commit that referenced this pull request Sep 13, 2018

@bcoles bcoles deleted the bcoles:lib-posix-priv branch Sep 13, 2018

@h00die h00die self-assigned this Sep 13, 2018
