![subject](/tpl/images/cats/informatica.png)
Computers and Technology, 12.02.2020 03:25 steph2478
The PATH environment variable.
The system (const char *cmd) library function can be used to execute a command within a program. The way system (cmd) works is to invoke the /bin/sh program, and then let the shell program to execute cmd. Because of the shell program invoked, calling system() within a
Set-UID program is extremely dangerous. This is because the actual behavior of the shell program can be affected by environment variables, such as PATH. These environment variables are under user’s control. By changing these variables, malicious users can control the behavior of the Set-UID program. In bash, you can change the PATH environment variable in the following way (this example adds the directory /home/sec-lab to the beginning of the PATH environment variable):
sudo su
export PATH=/home/sec-lab:$PATH
The Set-UID program below is supposed to execute the /bin/ls command; however, the programmer only uses the relative path for the ls command, rather than the absolute path:
Create a file: make sure you are still in the bin folder (if not cd /bin)
nano setUID. c
copy the code to the file
#include
int main()
{
system("ls -la");
return 0;
}
gcc –o setUID setUID. c //this is to compile the c code
./setUID //to execute the executable file
Notice the output of files
cd /usr/local/
ls –la
Notice the bin folder is root (normal users, process and program should not have direct access) and your program had access to as it used the setUID
Question 12 - Can you let this Set-UID program (owned by root) run your code instead of /bin/ls? If you can, is your code running with the root privilege? Describe and explain your observations.
![ansver](/tpl/images/cats/User.png)
Answers: 3
Another question on Computers and Technology
![question](/tpl/images/cats/informatica.png)
Computers and Technology, 22.06.2019 15:30
To increase sales, robert sends out a newsletter to his customers each month, letting them know about new products and ways in which to use them. in order to protect his customers' privacy, he uses this field when addressing his e-mail. attach bcc forward to
Answers: 2
![question](/tpl/images/cats/informatica.png)
Computers and Technology, 23.06.2019 01:10
Are special combinations of keys that tell a computer to perform a command. keypads multi-keys combinations shortcuts
Answers: 1
![question](/tpl/images/cats/informatica.png)
Computers and Technology, 23.06.2019 13:30
Spoons are designed to be used for: spring hammering. applying body filler. identifying high and low spots. sanding highly formed areas.
Answers: 3
![question](/tpl/images/cats/informatica.png)
Computers and Technology, 24.06.2019 00:40
To maintain clarity and focus lighting might be needed
Answers: 2
You know the right answer?
The PATH environment variable.
The system (const char *cmd) library function can be used...
The system (const char *cmd) library function can be used...
Questions
![question](/tpl/images/cats/mat.png)
![question](/tpl/images/cats/mat.png)
Mathematics, 29.11.2021 01:00
![question](/tpl/images/cats/mat.png)
Mathematics, 29.11.2021 01:00
![question](/tpl/images/cats/fizika.png)
Physics, 29.11.2021 01:00
![question](/tpl/images/cats/himiya.png)
![question](/tpl/images/cats/mat.png)
![question](/tpl/images/cats/obshestvoznanie.png)
![question](/tpl/images/cats/fizika.png)
![question](/tpl/images/cats/mat.png)
![question](/tpl/images/cats/mat.png)
Mathematics, 29.11.2021 01:00
![question](/tpl/images/cats/istoriya.png)
History, 29.11.2021 01:00
![question](/tpl/images/cats/health.png)
![question](/tpl/images/cats/mat.png)
Mathematics, 29.11.2021 01:00
![question](/tpl/images/cats/User.png)
![question](/tpl/images/cats/mat.png)
Mathematics, 29.11.2021 01:00
![question](/tpl/images/cats/mat.png)
![question](/tpl/images/cats/health.png)
![question](/tpl/images/cats/mat.png)
Mathematics, 29.11.2021 01:00
![question](/tpl/images/cats/istoriya.png)
![question](/tpl/images/cats/himiya.png)
Chemistry, 29.11.2021 01:00