The PATH environment variable.

The system(const char *cmd) library function can be used to execute a command within a program. The way system(cmd) works is to invoke the /bin/sh program, and then let the shell program execute cmd. Because a shell program is invoked, calling system() within a Set-UID program is extremely dangerous. This is because the actual behavior of the shell program can be affected by environment variables, such as PATH. These environment variables are under the user's control. By changing these variables, malicious users can control the behavior of the Set-UID program. In bash, you can change the PATH environment variable in the following way (this example adds the directory /home/sec-lab to the beginning of the PATH environment variable):

sudo su

export PATH=/home/sec-lab:$PATH

The Set-UID program below is supposed to execute the /bin/ls command; however, the programmer only uses the relative path for the ls command, rather than the absolute path:

Create a file: make sure you are still in the bin folder (if not cd /bin)

nano setUID.c

copy the code to the file

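#include <stdlib.h>   /* declares system() */

int main()
{
    /* relative command name: the shell resolves "ls" through PATH */
    system("ls -la");
    return 0;
}

gcc -o setUID setUID.c //this is to compile the c code

./setUID //to execute the executable file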

Notice the output of files

cd /usr/local/

ls -la

Notice that the bin folder is owned by root (normal users, processes and programs should not have direct access), and your program had access to it because it used Set-UID.

Question 12 - Can you let this Set-UID program (owned by root) run your code instead of /bin/ls? If you can, is your code running with the root privilege? Describe and explain your observations.
