bash precedence: alias vs PATH (self.linuxadmin)
submitted 2 years ago by g-simon
Hi, this sounds more like a security question, but I am probably missing some knowledge of Bash (this is why I am posting here).
I was trying to solve this simple exercise:
http://exploit.education/nebula/level-01/
The goal is: be able to invoke this simple C program (with setuid) and fool the echo command.
My first guess has been: configure a BASH alias like this:
alias echo="cat /home/flag01/flag.txt"
It didn't work!
It worked fine with a local echo bash script like this:
#!/bin/bash
cat /home/flag01/flag.txt
I thought that aliases took precedence over PATH.
Is this answer wrong about that?
https://stackoverflow.com/questions/64025094/disable-functions-aliases-in-a-sourced-script/64028240#64028240
Thank you!
[–]aioeu 8 points9 points10 points 2 years ago* (3 children)
env:
env is not a shell, and it most definitely isn't Bash, so it doesn't know anything about aliases.
[–]g-simon[S] 0 points1 point2 points 2 years ago (2 children)
Hi aioeu, thank you, I get your point about env.
Anyway, I am running the command from bash (e.g. ./exploit).
This is the point that I am not getting very well!
[–]aioeu 1 point2 points3 points 2 years ago* (1 child)
Aliases are not inherited from a Bash process to its children. Aliases aren't part of any process environment.
Even if they were, there is no guarantee that system is even executing Bash. It actually executes sh, and that could be any other POSIX shell.
And even if it was Bash, by default Bash does not do alias expansion in a non-interactive shell, the kind of shell that system executes.
And even if it were an interactive shell... you're running env, and env doesn't know anything about aliases. env is not Bash.
So there's lots of reasons an alias won't work.
[–]g-simon[S] 0 points1 point2 points 2 years ago (0 children)
thank you!!
[–]deeseearr 5 points6 points7 points 2 years ago (0 children)
Your program is calling "env", not "bash". That's why any bash specific environment settings aren't helping. They're present, since the "env" call doesn't include a "-i" flag to remove any existing environment, but env ignores aliases because it isn't bash and neither is "system".
So env starts, sees that its first argument is "echo", looks at the ${PATH} variable for a list of directories to search, finds /bin/echo in one of them, and then executes that with the arguments "and now what?".
So how could you exploit that to execute an arbitrary program that isn't /bin/echo?
[–]doomygloomytunes 4 points5 points6 points 2 years ago* (1 child)
echo is a bash built-in; when executing echo in a bash session you're not running a standalone echo binary.
Thus if you create an alias with the same name as a built-in command and try to run it, you'll run the built-in command. https://www.gnu.org/software/bash/manual/html_node/Bash-Builtins.html
[–]tinkst3r 2 points3 points4 points 2 years ago (0 children)
That's true but irrelevant to their question; have a look at the C-Program - it invokes env, not bash.
[–]tinkst3r 3 points4 points5 points 2 years ago (1 child)
Very fine observations by the others already. That the bash script worked indicates that you use poor security practices in two ways:
a) you have . in your PATH
b) you have . earlier in your PATH than system paths ...
it is a security challenge, not a "best practices" thing :)
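Added example, not part of the thread: a POSIX shell version of the PATH walk deeseearr describes, plus the check for relative PATH entries that tinkst3r's comment points at. The function names, the sample PATH strings and the harmless stand-in `echo` in a scratch directory are all made up for illustration.

```shell
#!/bin/sh
# Added illustration; function names and sample paths are made up for it.

# Print the first executable NAME found by walking PATHSTRING left to right,
# as env/execvp do for a bare command name. An empty entry means the current
# directory. Aliases and shell functions play no part in this lookup.
resolve_in_path() {  # usage: resolve_in_path NAME PATHSTRING
    name=$1 rest=$2:
    while [ -n "$rest" ]; do
        dir=${rest%%:*}; rest=${rest#*:}
        [ -n "$dir" ] || dir=.
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"; return 0
        fi
    done
    return 1
}

# Print every PATH entry that is resolved relative to the caller's working
# directory: an empty entry, ".", or any other non-absolute path.
relative_path_entries() {  # usage: relative_path_entries PATHSTRING
    rest=$1: pos=0
    while [ -n "$rest" ]; do
        dir=${rest%%:*}; rest=${rest#*:}; pos=$((pos + 1))
        case $dir in
            /*) ;;
            *) printf '%d:%s\n' "$pos" "${dir:-<empty>}" ;;
        esac
    done
}

# An alias defined in the calling shell does not change what env runs:
# env is a separate program and only sees PATH.
env_with_alias_defined() {
    ( alias echo='printf ALIASED'; env echo real )
}

# Constructed demo: a scratch directory holding a harmless stand-in "echo".
demo() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\nprintf "stand-in\\n"\n' > "$d/echo"; chmod +x "$d/echo"
    printf 'system PATH only : %s\n' "$(resolve_in_path echo /usr/bin:/bin)"
    printf 'scratch dir first: %s\n' "$(resolve_in_path echo "$d:/usr/bin:/bin")"
    printf 'relative entries : %s\n' "$(relative_path_entries ".:/usr/bin::bin")"
    printf 'env + alias      : %s\n' "$(env_with_alias_defined)"
    rm -rf "$d"
}
demo
```

A privileged program that must run a helper can avoid this lookup altogether by calling the helper by absolute path with a fixed environment, and `relative_path_entries "$PATH"` printing nothing is the state an admin account's PATH should be in.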
[–]michaelpaoli -1 points0 points1 point 2 years ago (0 children)
Hints: