LinuxQuestions.org
Old 04-07-2003, 09:33 PM   #1
rmartine
I'm a wannabe


OK.. I've been reading about a few exploits and I decided to create a simple bin that could be open to an IFS exploit. Could someone tell me what I'm doing wrong?? No matter what I set IFS to it will always run /bin/date correctly. What I'm shooting for is bin: command not found. Then I'll make a bin script to say hello or something like that.

Here is my exploitable program.
Code:
#include <stdio.h> // habit
#include <unistd.h> // execl

void main()
{
   execl("/bin/date", "date", "+%D", NULL);
}
Here is my shell script to set PATH, IFS, and execute the program
Code:
#!/bin/sh
export IFS=/
export PATH=.:$PATH
/home/rmartine/bad_proggie
Any help here would be great. Thanks.
 
Old 04-08-2003, 04:19 AM   #2
llama_meme
exec* system calls don't work through the shell, so the value of IFS doesn't affect them. Use the system(...) function instead.

Alex
 
Old 04-08-2003, 12:38 PM   #3
rmartine
OK.. thanks. I tried using the system line but I still can't make it say

bin: command not found

Is there some protection my shell could have to prevent people from messing with IFS??

Here is my new "vulnerable code". My exploit script is above.
Code:
#include <stdlib.h>
#include <stdio.h>

int main()
{
	int returnVal;
	
	//execl("/bin/date", "date", "+%D", NULL);	
	
	returnVal = system("/bin/date +%D");
	
	return 0;
}
I changed the return type of main to make the compiler stop complaining.
 
Old 04-08-2003, 03:42 PM   #4
revrendi
The behavior you're expecting will no longer work when you're using bash. See the mention of IFS use in http://www.gnu.org/manual/bash-2.05a...12.html#SEC129
That means bash will use IFS for things like:

/bin/bash -c 'SPLIT=1/2/3; IFS=/; for x in $SPLIT; do echo $x; done'

But it won't break up the path of a command.
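
Added example, not code from any poster in this thread: the point made in posts #2 and #4, turned into the defensive pattern for a program that must launch a fixed helper. It uses an absolute path, no shell, and an environment that is built rather than inherited. `run_clean` and `clean_env` are hypothetical names, and the `PATH` value is an assumption.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed minimal environment for the child; nothing from the caller leaks in. */
static char *const clean_env[] = {
    "PATH=/usr/bin:/bin",
    "IFS= \t\n",
    NULL
};

/* Hypothetical helper: fork, execve an absolute path with clean_env,
 * and return the child's exit status (-1 on any failure). */
int run_clean(const char *path, char *const argv[])
{
    int status;
    pid_t pid;

    if (path == NULL || path[0] != '/')   /* refuse PATH-relative names */
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(path, argv, clean_env);    /* no shell, so no word splitting */
        _exit(127);                       /* reached only if execve failed */
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)               /* retry only when interrupted */
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char *const argv[] = { "date", "+%D", NULL };
    int rc = run_clean("/bin/date", argv);

    if (rc != 0)
        fprintf(stderr, "date failed: %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```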
 
Old 04-08-2003, 05:50 PM   #5
rmartine


Darn.... back to the drawing board.
 
Old 04-08-2003, 08:44 PM   #6
crabboy
It is not the objective of this site to spread or share the details of 'cracks'. Although you may consider this post to be educational, the last thing any legitimate Linux user wants to see is some script kiddy run with such info and cause harm.

Gary
 
  

