Check out this one (It doesn't need set-uid root):
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

void set_environ(void) // set the HOME env variable to /root
{
char seten[100], setval[100];
static char full[200]; // putenv() keeps a pointer to this buffer, so it must outlive the call
printf("Set: ");
if (fgets(seten, sizeof seten, stdin) == NULL) return;
seten[strcspn(seten, "\n")] = '\0'; // strip the newline; safe even on empty input
printf("Variable: ");
if (fgets(setval, sizeof setval, stdin) == NULL) return;
setval[strcspn(setval, "\n")] = '\0';
full[0] = '\0'; // strcat() needs an initialised destination
strcat(full, seten);
strcat(full, "=");
strcat(full, setval);
putenv(full); // pass the array itself, not its address
}
//----------------------------------------------------
// End of code
Check this one out too (This one needs set-uid root for a normal user):
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <pwd.h>
#include <sys/types.h>

int main(void) // argv and envp were declared as plain char* originally; they are unused here
{
char user[50];
struct passwd *ptr;
if (fgets(user, sizeof user, stdin) == NULL) return 1;
user[strcspn(user, "\n")] = '\0'; // strip the newline; safe even on empty input
if ((ptr = getpwnam(user)) == NULL)
{
fprintf(stderr, "Cannot get your username\n"); // getpwnam() need not set errno, so perror() could print "Success"
exit(1);
}
else
{
printf("Username is: %s\n", ptr->pw_name);
printf("Encrypted pass is: %s\n", ptr->pw_passwd); // a placeholder such as "x" on shadow-password systems
printf("User ID is: %u\n", (unsigned)ptr->pw_uid); // pw_uid is numeric; "%s" here would crash
}
return 0;
}
Flaws in UNIX that I've found
- The GoldFish
- level5
- Posts: 3961
- Joined: Fri Mar 01, 2002 9:01 pm
- Location: Bowl / South UK
Well... don't know about everyone else... but I think:
"WTF!"
-- The GoldFish - member of former GIT and commander in chief of GALLAHAD. You could have done something, but it's been fixed. The end. Also, play bestgameever!
- level3
- Posts: 284
- Joined: Tue Oct 16, 2001 12:23 am
On any operating system there are flaws that are incorporated by the coder/coders as a backdoor in case they ever get kicked out.
In windows it is being able to reboot in true dos which will override any security protocol.
In apple it is.... I haven't found anything bad about apple yet;)
In Unix it was already explained.
In Linux it is also the same as the Unix bug.
In redhat it is also the same as the Linux/Unix bug.
In windows it is that <enter deity of your choice with profanity after their name> logon screen/boot screen.
Even though none of my flaws go as in-depth as lattera did, they still piss me off even to this minute.... right.... now!
Coasters are for the slow drinker.
Quote: from lattera on 9:12 am on July 30, 2002
Both of those UNIX flaws were never meant to be. They were just natural bugs. Someone had to find them.
I'm excited to get some wargames up, so I can incorporate these flaws.
Only to the people who get bored easily. There are many different things to do in a wargame. I usually use wargame boxes as a place to test out my code when I'm at the college (don't flame me that I go to college even though I'm 16).
I code, I learn, I experience. That's really what wargames are about.
Why would we flame you? Because you're 16?
Yes, I myself am planning on going to college at that age. Where I live, if you pass the high school exit exam by the end of your 10th grade year, in your 11th grade and 12th grade year you get to attend a community college. So by the time I graduate from High School, I will have my High School diploma along with my AA.
Coasters are for the slow drinker.
- level2
- Posts: 127
- Joined: Sat Jan 05, 2002 4:56 am
- Location: Mountain View, CA
I do know a bit about Unix, operating systems in general, and security, and I can say that lattera hasn't shown anything of significance here.
1- Users can of course set their own environment variables. That's what they're there for. If the user chooses to run untrusted code as, say, administrator, that's his problem. If he loses his own files because he's running untrusted code and is stingy/stupid enough to not have backups, that's his problem.
2- Admins can of course access the encrypted passwords. However, since it's a 1-way hash, unless the user is a moron and used a weak password that actually means something, or he's important enough to dedicate massive computational power for a brute-force search, getting it is generally irrelevant.
They're the digital equivalent of showing users a live wire that's throwing off sparks. If they pick it up without taking precautions, the flaw's in the user's cranial cavity.
"I tell you three times..."
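The reply above makes two points that the first post's snippets illustrate from the wrong side: a program running with more privilege than its caller must not trust the environment it inherits, and a lookup routine has no business handing the password hash to whoever asked. The following is an added example written for this thread, not code by lattera or anyone else in it. It shows the defensive versions: sanitize_env() rebuilds the environment from a small allowlist and pins PATH, and describe_user() formats a passwd record without its pw_passwd field. The allowlist, the SAFE_PATH directories, the function names and the sample data are all assumptions made for the example; self_check() runs both helpers on constructed input rather than on the real system database.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <pwd.h>
#include <unistd.h>
#include <sys/types.h>

/* Variables a privileged program may inherit from its caller (assumed
   allowlist). Everything else, including the caller's own PATH and the
   loader/shell control variables, is dropped because a setuid program
   cannot trust values its caller chose. */
static const char *const KEEP[] = { "TERM", "LANG", "LC_ALL", "HOME", "USER", NULL };

/* PATH is never inherited; it is pinned to a fixed value (assumed here). */
#define SAFE_PATH "PATH=/usr/bin:/bin"

/* Copy a C string with malloc(); avoids relying on strdup() visibility. */
static char *dup_str(const char *s)
{
    size_t len = strlen(s) + 1;
    char *p = malloc(len);
    return p ? memcpy(p, s, len) : NULL;
}

/* Does the "NAME=value" entry belong to the variable called name? */
static int entry_is(const char *entry, const char *name)
{
    size_t n = strlen(name);
    return strncmp(entry, name, n) == 0 && entry[n] == '=';
}

/* Build a fresh NULL-terminated environment holding SAFE_PATH followed by
   the allowlisted entries of envp, in their original order. Stores the
   entry count in *count when count is non-NULL; caller frees with free_env(). */
char **sanitize_env(char *const *envp, size_t *count)
{
    size_t cap = 2, n = 0;                 /* SAFE_PATH plus terminator */
    for (char *const *e = envp; *e; ++e)
        cap++;
    char **out = calloc(cap, sizeof *out);
    if (out == NULL)
        return NULL;
    out[n++] = dup_str(SAFE_PATH);
    for (char *const *e = envp; *e; ++e)
        for (const char *const *k = KEEP; *k; ++k)
            if (entry_is(*e, *k)) {
                out[n++] = dup_str(*e);
                break;
            }
    out[n] = NULL;
    if (count)
        *count = n;
    return out;
}

void free_env(char **env)
{
    if (env == NULL)
        return;
    for (char **e = env; *e; ++e)
        free(*e);
    free(env);
}

/* Format only the fields of a passwd entry that are safe to show to an
   unprivileged caller. pw_passwd is left out on purpose: a one-way hash is
   still a target for offline guessing of weak passwords. Returns the length
   snprintf() reports. */
int describe_user(const struct passwd *pw, char *buf, size_t buflen)
{
    return snprintf(buf, buflen, "%s uid=%u gid=%u home=%s",
                    pw->pw_name, (unsigned)pw->pw_uid,
                    (unsigned)pw->pw_gid, pw->pw_dir);
}

/* Exercise both helpers on constructed data; returns 1 on success, 0 otherwise. */
int self_check(void)
{
    /* constructed caller environment, including entries a caller could plant */
    char *const sample_env[] = { "LD_PRELOAD=/tmp/untrusted.so", "TERM=xterm",
                                 "PATH=/tmp:/usr/bin", "HOME=/home/alice", "IFS= ", NULL };
    size_t n = 0;
    char **env = sanitize_env(sample_env, &n);
    int ok = env != NULL && n == 3
          && strcmp(env[0], SAFE_PATH) == 0
          && strcmp(env[1], "TERM=xterm") == 0
          && strcmp(env[2], "HOME=/home/alice") == 0
          && env[3] == NULL;
    free_env(env);

    /* constructed passwd record, not read from the system database */
    struct passwd pw = { 0 };
    pw.pw_name = "alice"; pw.pw_passwd = "$6$constructed-hash";
    pw.pw_uid = 1000; pw.pw_gid = 1000; pw.pw_dir = "/home/alice";
    char buf[128];
    int len = describe_user(&pw, buf, sizeof buf);
    return ok && len == 40
              && strcmp(buf, "alice uid=1000 gid=1000 home=/home/alice") == 0
              && strstr(buf, "hash") == NULL;
}

int main(int argc, char **argv, char **envp)
{
    (void)argc; (void)argv;
    if (getuid() != geteuid())             /* running with elevated privileges */
        puts("privileged: the caller's environment is discarded");
    size_t n = 0;
    char **env = sanitize_env(envp, &n);
    printf("%zu environment entries kept\n", n);
    free_env(env);
    return self_check() ? 0 : 1;
}
```

The allowlist is deliberately short: a privileged program should start from a known environment and add back only what it needs, rather than try to enumerate every variable that could be harmful.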