LinuxQuestions.org
Old 04-07-2003, 09:33 PM   #1
rmartine
Member
 
Registered: Dec 2002
Location: San Luis Obispo, CA
Distribution: Fedora Core 3
Posts: 618

Rep: Reputation: 30
I'm a wannabe


OK.. I've been reading about a few exploits and I decided to create a simple bin that could be open to an IFS exploit. Could someone tell me what I'm doing wrong?? No matter what I set IFS to it will always run /bin/date correctly. What I'm shooting for is bin: command not found. Then I'll make a bin script to say hello or something like that.

Here is my exploitable program.
Code:
#include <stdio.h>  // habit
#include <unistd.h> // execl()

void main()
{
   // run /bin/date with argv = { "date", "+%D" }
   execl("/bin/date", "date", "+%D", (char *)NULL);
}
Here is my shell script to set PATH, IFS, and execute the program
Code:
#!/bin/sh
export IFS=/
export PATH=.:$PATH
/home/rmartine/bad_proggie
Any help here would be great. Thanks.
 
Old 04-08-2003, 04:19 AM   #2
llama_meme
Member
 
Registered: Nov 2001
Location: London, England
Distribution: Gentoo, FreeBSD
Posts: 590

Rep: Reputation: 30
exec* system calls don't work through the shell, so the value of IFS doesn't affect them. Use the system(...) function instead.

Alex
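
Added example (not part of the original thread, and not any poster's code): the defensive counterpart of the point above. Because exec* calls bypass the shell, a program that must run a helper can call execve() with an absolute path, an argv array and a fixed environment, so inherited IFS and PATH never matter. The name run_date_clean, the 16-byte minimum buffer and the environment values are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run /bin/date +%D with no shell and a fixed environment. Copies the child's
 * stdout into out (NUL-terminated); returns its exit status, or -1 on failure. */
int run_date_clean(char *out, size_t outlen)
{
    /* Nothing is inherited from the caller: IFS, PATH, LD_* never reach the child. */
    char *const envp[] = { "PATH=/usr/bin:/bin", "LC_ALL=C", NULL };
    char *const argv[] = { "date", "+%D", NULL };
    int fds[2], status;
    size_t used = 0;
    ssize_t n;
    pid_t pid;
    if (outlen < 16 || pipe(fds) == -1)   /* need room for "MM/DD/YY\n" */
        return -1;
    pid = fork();
    if (pid == -1) {
        close(fds[0]); close(fds[1]);
        return -1;
    }
    if (pid == 0) {                       /* child */
        close(fds[0]);
        if (dup2(fds[1], STDOUT_FILENO) == -1)
            _exit(127);
        close(fds[1]);
        execve("/bin/date", argv, envp);  /* absolute path, argv array: no word splitting */
        _exit(127);                       /* reached only if execve failed */
    }
    close(fds[1]);                        /* parent keeps only the read end */
    while (used < outlen - 1 &&
           (n = read(fds[0], out + used, outlen - 1 - used)) > 0)
        used += (size_t)n;
    out[used] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    char buf[64];
    int rc = run_date_clean(buf, sizeof buf);
    if (rc == 0) fputs(buf, stdout);
    return rc == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```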
 
Old 04-08-2003, 12:38 PM   #3
rmartine
Member
 
Registered: Dec 2002
Location: San Luis Obispo, CA
Distribution: Fedora Core 3
Posts: 618

Original Poster
Rep: Reputation: 30
OK.. thanks. I tried using the system line but I still can't make it say

bin: command not found

Is there some protection my shell could have to prevent people from messing with IFS??

Here is my new "vulnerable code". My exploit script is above.
Code:
#include <stdlib.h>
#include <stdio.h>

int main()
{
	int returnVal;
	
	//execl("/bin/date", "date", "+%D", NULL);	
	
	returnVal = system("/bin/date +%D");
	
	return 0;
}
I changed the return type of main to make the compiler stop complaining.
 
Old 04-08-2003, 03:42 PM   #4
revrendi
LQ Newbie
 
Registered: Mar 2003
Location: California, USA
Distribution: Linux from Scratch
Posts: 9

Rep: Reputation: 0
The behavior you're expecting will no longer work when you're using bash. See the mention of IFS use in http://www.gnu.org/manual/bash-2.05a...12.html#SEC129
That means bash will use IFS for things like:

/bin/bash -c 'SPLIT=1/2/3; IFS=/; for x in $SPLIT; do echo $x; done'

But it won't break up the path of a command.
 
Old 04-08-2003, 05:50 PM   #5
rmartine
Member
 
Registered: Dec 2002
Location: San Luis Obispo, CA
Distribution: Fedora Core 3
Posts: 618

Original Poster
Rep: Reputation: 30


Darn.... back to the drawing board.
 
Old 04-08-2003, 08:44 PM   #6
crabboy
Moderator
 
Registered: Feb 2001
Location: Atlanta, GA
Distribution: Slackware
Posts: 1,755

Rep: Reputation: 88
It is not the objective of this site to spread or share the details of 'cracks'. Although you may consider this post to be educational, the last thing any legitimate Linux user wants to see is some script kiddy running with such info and causing harm.

Gary
 
  


All times are GMT -5. The time now is 03:39 PM.
