Can you let this Set-UID program (owned by root) run??

goldengriff · 11-20-2013, 06:42 AM

hi dear's,
The system(const char *cmd) library function can be used to execute a command within a program. The way system(cmd) works is to invoke the /bin/sh program, and then let the shell program to execute cmd. Because of the shell program invoked, calling system() within a Set-UID program is extremely dangerous. This is because the actual behavior of the shell program can be affected by environment variables, such as PATH; these environment variables are under user’s control. By changing these variables, malicious users can control the behavior of the Set-UID program.
The Set-UID program below is supposed to execute the /bin/ls command; however, the programmer only uses the relative path for the ls command, rather than the absolute path:
int main()
{
system("ls");
return 0;
}
Can you let this Set-UID program (owned by root) run your code instead of /bin/ls? If you can, is your code running with the root privilege?
thanks

linosaurusroot · 11-20-2013, 07:10 AM

You can, it is, that is unsafe. Actually some shells drop an euid if different from ruid but you don't want to rely on that.

Code:

int main()
{
execl("/bin/ls", "ls", (char *)0);
return 0;
}

Ser Olmy · 11-20-2013, 07:15 AM

If you have a specific question about your assignment (page 2, lab task 4), that's fine, but don't expect others to do your homework for you.

goldengriff · 11-20-2013, 07:16 AM

dear linosaurusroot,
i run ur code, but below error showed:
tcnewcode.c: In function ‘main’:
tcnewcode.c:6:1: warning: incompatible implicit declaration of built-in function ‘execl’ [enabled by default]
why??
your complete code is:

Code:

#include <string.h>
#include <stdio.h>
#include <stdlib.h>
int main()
{
execl("/bin/ls", "ls", (char *)0);
return 0;
}

widget · 11-20-2013, 03:39 PM

There are many people on this forum to whom English is not their native language. This is an English language forum.

Try to use English so that people can have a chance to understand what you are trying to get across to them rather than look like u r dumb.

linosaurusroot · 11-20-2013, 07:54 PM

Quote:

Originally Posted by goldengriff

dear linosaurusroot,
i run ur code, but below error showed:
tcnewcode.c: In function ‘main’:
tcnewcode.c:6:1: warning: incompatible implicit declaration of built-in function ‘execl’ [enabled by default]
why??
your complete code is:

Code:

#include <string.h>
#include <stdio.h>
#include <stdlib.h>
int main()
{
execl("/bin/ls", "ls", (char *)0);
return 0;
}

"man execl" tells you to use "#include <unistd.h>" ... it is good to check man pages before asking here.