Probably the shell is changing its effective user ID back to the real user ID as part of its startup for some reason or another. You could verify this by adding:/* needs _GNU_SOURCE; non-Linux users see setregid/setreuid instead */uid_t euid = geteuid(), egid = getegid();setresgid(egid, egid, egid);setresuid(euid, euid, euid); before your system(). (..

What changed is that /bin/sh either became bash or stayed dash which got an additional flag -p mimicking bash's behaviour.Bash requires the -p flag to not drop setuid privilege as explained in its man page: If the shell is started with the effective user (group) id not equal to the real user (group) id, and the -p option is not supplied, no ..

No, it is not possible. (It might be a trick question :-). TCP Wrapper (tcp_wrappers_7.6.tar.gz) Wietse Venema's network logger, also known as TCPD or LOG_TCP. These programs log the client host name of incoming telnet, ftp, rsh, rlogin, finger etc. requests. To fetch a website, a web browser makes an outgoing request. (And web browsers do not ..

debsecan uses a series of databases which record vulnerabilities and the availability of fixes; but those databases are only available for Debian suites. If you run it on a Ubuntu system, the results at minimum won’t account for security issues fixed in Ubuntu-specific releases, e.g. QEMU which receives security releases for Ubuntu which are separate from ..

VMWare ESX is a bare metal hypervisor installed from the ground up on Intel architecture machines.If we are talking about Solaris for Intel, we are talking about VmWare ESX on the physical machine itself where now Solaris runs being reinstalled witj VmWare ESX (probably, I would double check).Otherwise, Solaris for Intel can be installed on a VM in a ..

As you point out the user may not be able to do any permanent damage to the system without admin rights but there is a lot they can do which you'd prefer they didn't. Zombie machines get used for carrying out DDOS attacks and sending spam or as proxies for carrying out further attacks. It's a particular problem with IoT devices at the moment. Those ..

The command you are running, modprobe -n -v cramfs does nothing except output what it would do as you passed -n which is the short option for --dry-run. The output insmod /lib/modules/3.10.0-693.el7.x86_64/kernel/fs/cramfs/cramfs.ko.xz would load the cramfs module at that location.You probably wanted to do modprobe -v -r cramfs as the -r flag is the short ..

No, those files are leftovers from you editing the /etc/sudoers files with vim and not saving the file and exiting the editor properly. Unless you need to recover data from a previous editing session, and unless you are currently editing the file, these can be deleted.See :help swap-file in vim.

Kusalananda♦

TCP wrappers have been falling out of fashion. Webservers (Apache and others) might need to be compiled with support for TCP wrappers. Apache and Nginx have their own methods and modules which normally are used.The Web server, Nginx, also does not support TCP wrappers, but there is a module to support them at this address: https://github.com/sjinks/..

Snap has several 'confinements'. The most popular is called 'strict', which severely limits what an app can access. The app has to explicitly ask for permission to access user files, network access or processes. These apps are sandboxed and are therefore safer.However, some apps run in 'classical' confinement, which allows access to all of these things, ..