I am trying to test how secure my linux box is. I have been trying to gain root on my local machine, and have tried many diferent ways. The latest way i have been thinking about, is copying a shell, such as bash, that is owned by root. Setting it to setuid, so that when it is run, it has root priveledges.

The only problems that i have encountered are, firstly, copying bash, changes the ownership of the file from root, to an un-priveledged user. Secondly, you have to be root to setuid from within a shell.

ANY help would be greatly appreciated. And yes, i have already had a good look for myself! Thanks

lol yeah like you said you have to be root to setuid

Just find a suid'd program and overflow the buffer..
do the hackerslab styles, suprisingly quite alot of apps are suid..
or scoure the web for exploits and try em all out

How about making a copy of a shell, that can cause a buffer overflow itself, then automatically change the owner of the file to root, and setuid itself. Sort of like a stand-alone file, that would automatically gain you root, when it was executed. Obviously it would have to be system specific. Hmm, thats got me thinking now.