From de2709441546804fd163c8d60b7c38168d8e6133 Mon Sep 17 00:00:00 2001
From: Kavishka <kavishka2.colambatantri@live.uwe.ac.uk>
Date: Thu, 31 Mar 2022 16:22:49 -0400
Subject: [PATCH] - Code snippet used for Task 9;

---
 Task 9 - Capability Leaking/task9.c | 35 +++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 Task 9 - Capability Leaking/task9.c

diff --git a/Task 9 - Capability Leaking/task9.c b/Task 9 - Capability Leaking/task9.c
new file mode 100644
index 0000000..a87cad2
--- /dev/null
+++ b/Task 9 - Capability Leaking/task9.c	
@@ -0,0 +1,35 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <fcntl.h>
+#include <unistd.h>
+void main()
+{
+  int fd;
+/* Assume that /etc/zzz is an important system file,
+* and it is owned by root with permission 0644.
+* Before running this program, you should create
+* the file /etc/zzz first. */
+  setuid(getuid());
+  fd = open("/etc/zzz", O_RDWR | O_APPEND);
+	 if (fd == -1) {
+	printf("Cannot open /etc/zzz\n");
+	exit(0);
+}
+//setuid(getuid());
+/* Simulate the tasks conducted by the program */
+sleep(1);
+/* After the task, the root privileges are no longer
+* needed, it’s time to relinquish the root privileges
+* permanently. */
+//setuid(getuid()); /* getuid() returns the real uid */
+if (fork()) { /* In the parent process */
+close (fd);
+exit(0);
+} else { /* in the child process */
+/* Now, assume that the child process is compromised,
+* malicious attackers have injected the following
+* statements into this process */
+write (fd, "Malicious Data\n", 15);
+close (fd);
+}
+}
-- 
GitLab