SUID binaries once again assisted a local privilege escalation attack. This is a major problem that distros can't keep ignoring.
SUID binaries once again assisted a local privilege escalation attack. This is a major problem that distros can't keep ignoring.
There's a claim upthread that a straightforward variation works against /etc/passwd.
You can also just use this to patch libc and turn close() into close-but-also-give-me-a-root-shell().