On 0, "Eric G. Miller" <[email protected]> wrote:
> On Wed, May 15, 2002 at 05:17:41PM +0930, Tom Cook wrote:
> >
> > However, you are not entirely correct. This does, in fact, compile,
> > with the exception of the type of execve for execv. It also, funnily
> > enough, doesn't loop infinitely, which makes me think that the execv
> > call is just failing. I am Interested, but not enough to figure out
> > Why.
>
> $ gcc -g -Wall -o suidscript suidscript.c
> suidscript.c: In function `main':
> suidscript.c:4: warning: passing arg 2 of `execve' from incompatible
> pointer type
> suidscript.c:4: too few arguments to function `execve'
> $ ls suidscript
> ls: suidscript: No such file or directory
You didn't fix the typo I pointed out.
> Note: I said "semantically", since you pass argv[0] as the command to
> execute, the program will keep executing itself (if argv[0] is fully
> qualified). But, if you managed to get it to compile, it no doubt is
> segfaulting due to noted errors above.
It compiles fine for me (after the typo is corrected). You are
correct, the call should be:
execv( argv[1], argv[2] );
For the fanatically correct, this might be better:
execv( argv[1], argv + sizeof( argv[1] ) );
but the effect is the same (in fact the generated code is probably the
same).
As I mentioned, though, it doesn't loop indefinitely, even when you
try to execv argv[0] - it just exits. No segfault. No indefinite
loop.
Tom
--
Tom Cook
Information Technology Services, The University of Adelaide
"A child of five could understand this. Fetch me a child of five."
- Groucho Marx
Get my GPG public key:
https://pinky.its.adelaide.edu.au/~tkcook/tom.cook-at-adelaide.edu.au
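As an added example (not code from this thread): execv() takes the program path and a NULL-terminated array of argument strings, so for a wrapper invoked as "wrapper prog args..." that array is argv + 1. The program below passes that vector and reports the errno when execv() fails instead of exiting silently; run_target is an illustrative name, and setuid handling is deliberately left out.

```c
/* Added example, not from the thread; run_target is an illustrative name. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run vec[0] in a child: returns its exit status, or -errno if execv()
 * failed (sent back over a close-on-exec pipe; EOF means exec worked). */
static int run_target(char **vec)
{
    int fds[2], err = 0, status = 0;
    pid_t pid;

    if (vec == NULL || vec[0] == NULL)
        return -EINVAL;
    if (pipe(fds) < 0)
        return -errno;
    fcntl(fds[1], F_SETFD, FD_CLOEXEC);
    pid = fork();
    if (pid == 0) {
        close(fds[0]);
        execv(vec[0], vec);            /* returns only on failure */
        err = errno;
        _exit(write(fds[1], &err, sizeof err) < 0 ? 126 : 127);
    }
    if (pid < 0)
        err = errno;                   /* fork itself failed */
    close(fds[1]);
    if (pid > 0 && read(fds[0], &err, sizeof err) != (ssize_t)sizeof err)
        err = 0;                       /* EOF: the exec succeeded */
    close(fds[0]);
    if (pid > 0 && waitpid(pid, &status, 0) < 0)
        err = errno;
    if (err != 0)
        return -err;
    return WIFEXITED(status) ? WEXITSTATUS(status) : 128 + WTERMSIG(status);
}

int main(int argc, char **argv)
{
    /* For "wrapper prog args...", execv() needs argv + 1: element 0 names
     * the program and the array ends at argv[argc], which is always NULL. */
    int rc = run_target(argc >= 2 ? argv + 1 : NULL);

    if (rc < 0)
        fprintf(stderr, "execv: %s\n", strerror(-rc));
    return rc < 0 ? 127 : rc;
}
```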

