Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- @hacky02:~$ cat /Uebungen/Aufgabenblatt01/Aufgabe03/heap.c
- #include <stdio.h>
- #include <stdlib.h>
- #include <string.h>
- #include <unistd.h>
- #define SECRETFILE "/Uebungen/Aufgabenblatt01/Aufgabe03/secret"
- #define PASSFILE "/Uebungen/Aufgabenblatt01/Aufgabe03/pass"
- #define ROOT_USER 1337
- void loadsecret(char *file, char *data, int len) {
- FILE *fp;
- fp = fopen(file, "r");
- if (fp){
- fgets(data, len, fp);
- fclose(fp);
- } else {
- printf("Error opening %s\n", file);
- exit(-1);
- }
- }
- void usage(char *app) {
- printf("Usage: %s username password\n\n", app);
- exit(-1);
- }
- int main(int argc, char **argv) {
- /* Allocating space on the heap for preventing overwrite of SEIP */
- char *username = malloc(64);
- char *password = malloc(64);
- char *secret = malloc(128);
- /* Checking for arguments */
- if (argc < 3) usage(argv[0]);
- /* Loading password from file */
- loadsecret(PASSFILE, password, 20);
- loadsecret(SECRETFILE, secret, 128);
- /* Dropping privs, so nobody can get root */
- /*setresuid(getuid(),getuid(),getuid());
- setresgid(getgid(),getgid(),getgid());*/
- setresuid(ROOT_USER,ROOT_USER,ROOT_USER);
- setresgid(ROOT_USER,ROOT_USER,ROOT_USER);
- strcpy(username, argv[1]);
- if ( strncmp(password, argv[2],20) == 0 ) {
- printf("Welcome %s!\n",username);
- printf("The secret data for today is:\n%s\n",secret);
- /* beeing paranoid and deleting the data from memory */
- free(secret);
- }
- }
Add Comment
Please, Sign In to add comment