- Code snippet used for Task 9;

de270944 · k2-colambatant · 6e453b12 · de270944
Commit de270944 authored 3 years ago by k2-colambatant
--- a/Task 9 - Capability Leaking/task9.c
+++ b/Task 9 - Capability Leaking/task9.c
+#include <stdio.h>
+#include <stdlib.h>
+#include <fcntl.h>
+#include <unistd.h>
+void main()
+{
+  int fd;
+/* Assume that /etc/zzz is an important system file,
+* and it is owned by root with permission 0644.
+* Before running this program, you should create
+* the file /etc/zzz first. */
+  setuid(getuid());
+  fd = open("/etc/zzz", O_RDWR | O_APPEND);
+	 if (fd == -1) {
+	printf("Cannot open /etc/zzz\n");
+	exit(0);
+}
+//setuid(getuid());
+/* Simulate the tasks conducted by the program */
+sleep(1);
+/* After the task, the root privileges are no longer
+* needed, it’s time to relinquish the root privileges
+* permanently. */
+//setuid(getuid()); /* getuid() returns the real uid */
+if (fork()) { /* In the parent process */
+close (fd);
+exit(0);
+} else { /* in the child process */
+/* Now, assume that the child process is compromised,
+* malicious attackers have injected the following
+* statements into this process */
+write (fd, "Malicious Data\n", 15);
+close (fd);
+}
+}