aboutsummaryrefslogtreecommitdiff
path: root/semestr-5/so/lista4/so21_lista_4/leaky.c
diff options
context:
space:
mode:
Diffstat (limited to 'semestr-5/so/lista4/so21_lista_4/leaky.c')
-rw-r--r--semestr-5/so/lista4/so21_lista_4/leaky.c30
1 files changed, 30 insertions, 0 deletions
diff --git a/semestr-5/so/lista4/so21_lista_4/leaky.c b/semestr-5/so/lista4/so21_lista_4/leaky.c
new file mode 100644
index 0000000..9257d5c
--- /dev/null
+++ b/semestr-5/so/lista4/so21_lista_4/leaky.c
@@ -0,0 +1,30 @@
+#include "csapp.h"
+
+int main(int argc, char **argv) {
+ long max_fd = sysconf(_SC_OPEN_MAX);
+
+ /* Initialize PRNG seed. */
+ struct timeval tv;
+ gettimeofday(&tv, NULL);
+ srandom(tv.tv_usec);
+
+ /* This opens a file with password that is checked later. */
+ int fd_1 = Open("mypasswd", O_RDONLY, 0);
+ int fd_2 = 3 + random() % (max_fd - 3);
+ (void)Dup2(fd_1, fd_2);
+ Close(fd_1);
+ Lseek(fd_2, 0, SEEK_END);
+
+ /* TODO: Something is missing here to fix the issue! */
+ fcntl(fd_2, F_SETFD, FD_CLOEXEC);
+ /* Let's suppose a user typed in correct password and was allowed to execute
+ * a command and they choose to run our program. */
+ int rc = system("./innocent");
+ if (rc < 0)
+ unix_error("System error");
+
+ /* At this point we may finally close the file. */
+ Close(fd_2);
+
+ return rc;
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-09 21:34:23 +0000