Thursday, April 07, 2005

Lady, tell me the time.

This program is a SUID program (see my previous post).

int main()
{
System("date");
}

What does it do?
It basically executes command called "date".

Now, what is problem with it?

PS: Lady seems to be blonde

Thanks,
Sandeep

8 comments:

Matrix said...

One can write their own date program and place it in the path prior to the location where the standard date command would exist and thats it...

SG said...

Kewl.
So, what would you do about it?
call system in following way:

System("/usr/bin/date");

Now, find the problems associated with it.

Matrix said...

It executes in user's current shell. right? If so, the user still has some control over this.

What all can he do if it runs in his shell????

Should we be running this in an exclusive shell like

System("/bin/sh -c /usr/bin/date");

~matrix

SG said...
This comment has been removed by a blog administrator.
SG said...

What happens if I set IFS='/'???
[IFS is internal field separator. Shell uses it to split the param argumument list]

Your command will be interpreted as "bin as -c usr bin date".
And I can create a program called "bin" in my current directory and get it executed by Blonde.

Isn't it?

#Alpha0

SG said...

Now a days, it seems that shells( especially bash) do dont allow changing the IFS.

SG said...

Not really.
I used to use this trick in old Digital Unix system.
I tried it with csh,ksh and bash. It doesnt seem to work.
Thanks Rzo for keeping me update.

--Alpha0

Unknown said...


Thanks for sharing this valuable information to our vision. Data Scientist course in India