
Misconfigured $PATH environment variable

The $PATH variable specifies the directories where executable files are located. For example, when we use the ls command we don't have to type the full path of ls. This can sometimes be dangerous, because it becomes a security problem when it is misconfigured.

We make an example to show the vulnerability. We create a C file named misconfigurationBinary.c. We assume this file was written incorrectly.

We compile the C file with gcc.

We rename the compiled file a.out to misconfigurationBinary.c

We set the SUID bit on the file.

We create an exploit file named ls, because we are abusing the ls command. The file has to be named ls because we will add the /tmp directory to the $PATH environment variable, and the directories in $PATH are searched in order, so the directory we put first is searched first when a command is run. We use a shebang (#!) so the file can be executed without typing python3. So we add this as the first line:

#!/usr/bin/python3

We give the file execute permission.

We add the /tmp directory to the $PATH environment variable with the export command.

 export PATH=<the path you want to add>:$PATH

We run misconfigurationBinary and we get root.
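The condition this walkthrough depends on is a $PATH entry that another user can write to, searched before the real system directories. The following audit is an added example, not part of the original post: the function names `check_path_entry` and `audit_path` are hypothetical, and the sample PATH string is constructed to match the export step above.

```shell
#!/bin/sh
# Added example, not from the original post: audit a PATH string for entries
# that let another user's file shadow a command such as ls.

# Print a reason and return 1 when one PATH entry is risky, else return 0.
check_path_entry() {
    dir=$1
    case $dir in
        '') echo "empty entry (means the current directory)"; return 1 ;;
        /*) ;;                                   # absolute: inspect below
        *)  echo "relative entry: $dir"; return 1 ;;
    esac
    [ -d "$dir" ] || return 0                    # missing dirs are skipped here
    perms=$(ls -ldL "$dir")                      # -L: judge a symlink's target
    case $perms in
        ????????w*) echo "world-writable directory: $dir"; return 1 ;;
    esac
    return 0
}

# Walk every colon-separated entry; return 1 if any entry was flagged.
audit_path() {
    rest=$1:                                     # sentinel keeps a trailing empty entry
    bad=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        if ! reason=$(check_path_entry "$entry"); then
            echo "RISKY: $reason"
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample: the PATH shape produced by the export step in the post.
audit_path "/tmp:/usr/bin:/bin" || true
```

A clean PATH does not make the SUID program itself safe: a privileged program should call other programs by absolute path, for example /bin/ls, so the caller's $PATH is never consulted.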
