Ziceam zilele trecute ca vreau ca un user de r�nd sa execute `iptables -t
filter -L <chain> -n -v -x`.
Ionut Spirlea mi-a indicat cum sa fac setuid. Am facut stub-ul si am fost
happy. Rulez ceva de genul `iptables_mrtg acc_in` si mierje.
Dupa aia am inceput sa-mi pun probleme... Se poate executa ceva de genul:
`iptables_mrtg "; ls -l /root/;`. Nu mai sunt happy...
Drept care am facut oarece validari pe parametrul pe care-l primesc, si e
mai bine.
Asa cum am mai spus, ceva C mai stiu eu, da' programare sub Linux ioc. Drept
care supun ironiei publice codul de mai jos.
Mihai
/****************************************/
#include <stdlib.h>
#include <unistd.h>
int usage()
{
printf(
"iptables_mrtg ver. 0.99\n"
"\n"
"usage: iptables_mrtg <chain>\n"
);
return 1;
}
int valid_char(const char ch)
{
return isalnum(ch) || (ch == '_');
}
int check_chain(const char * chain)
{
int isvalid = 1;
const char * ptr;
if(strlen(chain) > 16)
isvalid = 0;
else
for(ptr = chain; ptr && *ptr; ptr++)
if (!valid_char(*ptr))
{
isvalid = 0;
break;
}
return isvalid;
}
int doit(const char * chain)
{
char buffer[1024];
sprintf(buffer, "/sbin/iptables -t filter -L %s -n -v -x", chain);
setuid(0);
return system(buffer);
}
int main(int argc, char **argv)
{
if (argc != 2)
return usage();
if(!check_chain(argv[1]))
{
printf("Invalid chain name\n");
return 1;
}
return doit(argv[1]);
}
---
Send e-mail to '[EMAIL PROTECTED]' with 'unsubscribe rlug' to
unsubscribe from this list.
