ifcf-<whatever> script to /etc/sysconfig/network-scripts
If, for whatever reason, a user is able to write an ifcf- script to /etc/sysconfig/network-scripts or it can adjust an existing one, then your system in pwned.
For example:
/etc/sysconfig/network-scripts/ifcfg-1337
NAME=Network /bin/id <= Note the blank space
ONBOOT=yes
DEVICE=eth0
In my case, the NAME= attributed in these network scripts is not handled correctly. If you have white/blank space in
the name the system tries to execute the part after the white/blank space. Which means; everything after the first
blank space is executed as root.
you can just run the script with sudo and do something like "Network bash" to get root.
Last modified 1yr ago