Author: Arnt Karlsen
Date:  
To: dng
Subject: Re: [DNG] May I use Netaid source as an example of good code?
On Sun, 1 Aug 2021 12:41:58 +0200, aitor wrote in message
<a72e45a0-ab40-6257-5a39-91a7dd6791bb@???>:

> Hi,
>
> On 1/8/21 1:39, aitor wrote:
> > I'm looking for a safer way to run the binary with suid permissions
> > using the shared memory of the system to send a signal.
>
> Some time ago somebody said to me: "you can do nothing from your binary that
> I can't do externally from another binary".
>
> So, am I wasting time?


..nope.

>
> Today I've been testing the idea and it's working for me. I'd like to
> prepare an example and share with all of you to resolve
> vulnerabilities. The example consists of a window with a button (to
> run the suid binary) and another binary -the intruder- located in the
> same directory and trying to do the same by using the other party's
> PID pretending to be the window.


..you're being too damned naive: Why would the intruder not try to
e.g. use your PID?

> The result is a segmentation fault.


..which I would argue is good, unless you are trying to set up some
sort of honey trap.
For a public etc service, log what you need and restart that service.

> I insist on trying to find the safest approach to run the suid binary
> because this is important not only for simple-netaid, but also for
> hopman, which will require granted permissions for running the
> *eject* command or the like (among others?).
>
> Cheers,
>
> Aitor.


..that eject command Can be used with a CD player to push a
reset or power switch button. ;o)

--
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three:
best case, worst case, and just in case.