Graphics Programs Reference
In-Depth Information
[DEBUG] found a 34 byte note for user id 999
this is a test of multiuser notes
-------[ end of note data ]-------
reader@hacking:~/booksrc $
When compiled and
setuid
root, the notesearch program works as
expected. But this is just a single user; what happens if a different user uses
the notetaker and notesearch programs?
reader@hacking:~/booksrc $ sudo su jose
jose@hacking:/home/reader/booksrc $ ./notetaker "This is a note for jose"
[DEBUG] buffer @ 0x804a008: 'This is a note for jose'
[DEBUG] datafile @ 0x804a070: '/var/notes'
[DEBUG] file descriptor is 3
Note has been saved.
jose@hacking:/home/reader/booksrc $ ./notesearch
[DEBUG] found a 24 byte note for user id 501
This is a note for jose
-------[ end of note data ]-------
jose@hacking:/home/reader/booksrc $
When the user jose uses these programs, the real user ID is 501. This
means that value is added to all notes written with notetaker, and only notes
with a matching user ID will be displayed by the notesearch program.
reader@hacking:~/booksrc $ ./notetaker "This is another note for the reader user"
[DEBUG] buffer @ 0x804a008: 'This is another note for the reader user'
[DEBUG] datafile @ 0x804a070: '/var/notes'
[DEBUG] file descriptor is 3
Note has been saved.
reader@hacking:~/booksrc $ ./notesearch
[DEBUG] found a 34 byte note for user id 999
this is a test of multiuser notes
[DEBUG] found a 41 byte note for user id 999
This is another note for the reader user
-------[ end of note data ]-------
reader@hacking:~/booksrc $
Similarly, all notes for the user reader have the user ID 999 attached to
them. Even though both the notetaker and notesearch programs are
suid
root and have full read and write access to the /var/notes datafile, the pro-
gram logic in the notesearch program prevents the current user from view-
ing other users' notes. This is very similar to how the /etc/passwd file stores
user information for all users, yet programs like
chsh
and
passwd
allow any user
to change his own shell or password.
0x284
Structs
Sometimes there are multiple variables that should be grouped together and
treated like one. In C,
structs
are variables that can contain many other vari-
ables. Structs are often used by various system functions and libraries, so
understanding how to use structs is a prerequisite to using these functions.
