Question

As we know, the system() function calls /bin/sh, which is a symbolic link to /bin/bash. Recent...

As we know, the system() function calls /bin/sh, which is a symbolic link to /bin/bash. Recent versions of bash will drop the privilege if it detects that the effective user ID and the real user ID are different. Assume that we still want to use system() in our Return-tolibc attack, please describe how you can overcome this challenge. You are allowed to have zeros in your input (assume that memcpy() is used for memory copy, instead of strcpy())
Engineering   Computer-Science   
0 0
Add a commentTranscribed image text
Next >

Homework Answers

Answer #1

For the given question,

•If the shell is started with the effective user (group) id not equal to the real user (group) id, and the -p option is not supplied, the effective user id is set to the real user id.

•If the -p option is supplied at startup, the effective user id is not reset.

•Turning this option off causes the effective user and group ids to be set to the real user and group ids.

•You were almost there with your ln command - except you probably needed to include the -f flag ('force') in order to overwrite the old link - also it's preferable to use a relative path for the target

sudo ln -sf bash /bin/sh

•When you're done with the install, you can revert to the system default with

sudo ln -sf dash /bin/sh

•There should be no need to change the script file 'shebangs'

0 0
Know the answer?
Your Answer:

Post as a guest

Your Name:

What's your source?

Earn Coins

Coins can be redeemed for fabulous gifts.

Log In

Sign Up

Not the answer you're looking for?
Ask your own homework help question
Similar Questions
ADVERTISEMENT
Need Online Homework Help?

Get Answers For Free
Most questions answered within 1 hours.

Ask a Question
ADVERTISEMENT