sektioneins / SUIDGuard

SUIDGuard - a TrustedBSD Kernel Extension that adds mitigations to protect SUID/SGID processes a bit more

can't find the tar file mentioned in the discussion #7

Open spalburg opened 9 years ago

spalburg commented 9 years ago

I downloaded the SUIDGuard packages but can't find the tar file mentioned in the discussion. Where should I look?

Archosian (Cesar Roux Dit Buisson) commented 9 years ago (Aug 5, 2015, 3:58 PM)

What did you download exactly? In the releases tab you'll find SUIDGuard.kext.tar.bz2 which contains the folder that you need to place in the kernel extensions. If you are unsure of what you are doing I'd recommend using the new installer package (.pkg in the release) and running it.

spalburg commented 9 years ago

Cesar, thanks for your swift reply.

I downloaded the suidguardng.dmg and the suidguardng-installer.pkg.

However, due to your email I found the releases tab, where I can see a tar.bz2 file!

Thank you so much.

Regards, Milton


stefanesser commented 9 years ago (Aug 5, 2015, 5:17 PM)

Please note that there is https://www.suidguard.com/ and that you should download from there.

There is no need for a tar file. Just download the DMG Installer and install it. Over the weekend there will be an update also released over there and I will most probably package some uninstaller, too.

spalburg commented 9 years ago

Stefan,

thanks for your swift reply.

I first downloaded the .dmg and installed it, and still had the vulnerability, after which I installed the .pkg; still the same thing.

Then, after some reading, I downloaded the tar.bz2 file and chmod'ed and chown'ed it according to the instructions in the email conversation on GitHub; still the same…

If you could point me in the right direction…

Regards, Milton


stefanesser commented 9 years ago (Aug 5, 2015, 5:27 PM)

When you say it still has the vulnerability what do you mean?

Did you run the example script or one of the one-liner exploits attached to many media articles? If you did so then you "backdoored" your system. If you used our exploit then you will find /usr/bin/boomsh which provides a rootshell. You have to delete it manually after trying out the exploit. If you tried out the one-liner exploits floating around then you have new entries in the /etc/sudoers file that allow everyone to sudo without a password.

In any case: if you ran any of the exploits on your system and did not undo the damage they caused, re-running them with SUIDGuard loaded will make it look like SUIDGuard failed, but in reality the re-run exploits made use of the already backdoored system.

spalburg commented 9 years ago

I ran your example script:

EDITOR=/usr/bin/true DYLD_PRINT_TO_FILE=/this_system_is_vulnerable crontab -e

ls -la /

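
Added example, not code from the SUIDGuard project or from anyone in this thread: a shell checklist for the situation Stefan describes, meant to be run before re-testing with SUIDGuard loaded, so that leftovers from an earlier exploit run are not misread as a SUIDGuard failure. It assumes the artifact paths named in the thread (/usr/bin/boomsh from the SektionEins exploit, /this_system_is_vulnerable from the crontab check) and that the one-liner exploits add an uncommented NOPASSWD grant to /etc/sudoers; the exact line they write is not quoted here, so the sudoers check flags any such grant.

```shell
#!/bin/sh
# Added example (not SUIDGuard's own code): pre-retest checklist for the
# artifacts the thread names. Listing only; removal is left to the admin.

# Print each leftover path that exists. The first two paths are the ones the
# thread names (an assumption that nothing else was dropped); any extra
# arguments are additional paths to look at.
list_backdoor_artifacts() {
    for p in /usr/bin/boomsh /this_system_is_vulnerable "$@"; do
        [ -e "$p" ] && printf '%s\n' "$p"
    done
    return 0
}

# Print every active (uncommented) sudoers line that grants NOPASSWD.
# Returns 0 when at least one such line exists (grep semantics), 1 when clean.
# A stock OS X sudoers carries no such grant, so on a single-user box any hit
# is suspect, whatever the exact form the one-liner wrote (assumption).
find_passwordless_sudo() {
    sudoers="${1:-/etc/sudoers}"
    if [ ! -r "$sudoers" ]; then
        echo "cannot read $sudoers (run as root?)" >&2
        return 2
    fi
    grep -En '^[^#]*NOPASSWD' "$sudoers"
}

# The check spalburg ran, with the stale-marker failure mode handled: if the
# marker already exists from an earlier run, refuse and say so, because its
# presence would otherwise look like SUIDGuard failing to block the write.
# Returns 0 if the SUID helper created the marker (vulnerable), 1 if not,
# 2 if the probe was refused.
probe_dyld_print_to_file() {
    marker="${1:-/this_system_is_vulnerable}"
    if [ -e "$marker" ]; then
        echo "stale marker $marker exists; remove it (as root) and rerun" >&2
        return 2
    fi
    # crontab is SUID root on OS X; with the dyld bug unpatched and no
    # SUIDGuard loaded, DYLD_PRINT_TO_FILE makes dyld create the marker as root.
    EDITOR=/usr/bin/true DYLD_PRINT_TO_FILE="$marker" crontab -e >/dev/null 2>&1 || true
    [ -e "$marker" ]
}

# True when a loaded kext name contains "suidguard". kextstat is the OS X
# tool; where it is absent this simply reports "not loaded".
suidguard_loaded() {
    command -v kextstat >/dev/null 2>&1 || return 1
    kextstat 2>/dev/null | grep -qi suidguard
}
```

Run it as root: /etc/sudoers is not world-readable, and the marker file at / and /usr/bin/boomsh can only be removed as root. Clear everything list_backdoor_artifacts and find_passwordless_sudo report, confirm suidguard_loaded, and only then run probe_dyld_print_to_file; on a system that is still vulnerable the probe leaves a root-owned marker behind, which has to be deleted by hand before the next run, exactly as with the boomsh shell.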