Hi,
just as a thought .. I wouldn't have used system()
but one of the exec*() functions, man 3 exec ..
On Tue, 25 Sep 2001, Mihai Marusca wrote:
>
> I was saying the other day that I want an ordinary user to execute
> `iptables -t filter -L <chain> -n -v -x`.
> Ionut Spirlea showed me how to do setuid. I made the stub and was
> happy. I run something like `iptables_mrtg acc_in` and it works.
>
> After that I started to worry... Something like this can be executed:
> `iptables_mrtg "; ls -l /root/;`. I'm not happy any more...
>
> So I did some validation on the parameter I receive, and it's
> better.
>
> As I've said before, I know some C, but Linux programming, none at all.
> So I submit the code below to public ridicule.
>
> Mihai
>
> /****************************************/
> #include <ctype.h>   /* isalnum */
> #include <stdio.h>   /* printf, snprintf */
> #include <stdlib.h>  /* system */
> #include <string.h>  /* strlen */
> #include <unistd.h>  /* setuid */
>
> int usage(void)
> {
>     printf(
>         "iptables_mrtg ver. 0.99\n"
>         "\n"
>         "usage: iptables_mrtg <chain>\n"
>     );
>     return 1;
> }
>
> /* Accept only letters, digits and '_' */
> int valid_char(const char ch)
> {
>     return isalnum((unsigned char)ch) || (ch == '_');
> }
>
> /* Return 1 if the chain name is at most 16 valid characters, else 0 */
> int check_chain(const char * chain)
> {
>     int isvalid = 1;
>     const char * ptr;
>     if (strlen(chain) > 16)
>         isvalid = 0;
>     else
>         for (ptr = chain; ptr && *ptr; ptr++)
>             if (!valid_char(*ptr))
>             {
>                 isvalid = 0;
>                 break;
>             }
>     return isvalid;
> }
>
> /* Build the command line and run it through the shell as root */
> int doit(const char * chain)
> {
>     char buffer[1024];
>     snprintf(buffer, sizeof(buffer),
>              "/sbin/iptables -t filter -L %s -n -v -x", chain);
>     if (setuid(0) != 0)   /* do not continue if the uid change failed */
>         return 1;
>     return system(buffer);
> }
>
> int main(int argc, char **argv)
> {
>     if (argc != 2)
>         return usage();
>     if (!check_chain(argv[1]))
>     {
>         printf("Invalid chain name\n");
>         return 1;
>     }
>     return doit(argv[1]);
> }
-----
Ionut Spirlea,
http://sgi.rdscv.ro/~ionuts/
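
The exec*() suggestion from the reply above, as an added example that is not part of the original thread: the wrapper passes the chain name as a single argv entry to execve(), so no shell ever parses it, and the child gets an empty environment. The function names `chain_name_ok` and `build_argv` are hypothetical, and rejecting an empty name is an assumption beyond the quoted check.

```c
/* Added example, not the poster's code: exec-based variant of the wrapper. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define IPTABLES "/sbin/iptables"   /* path taken from the quoted code */
#define MAX_CHAIN 16                /* same length limit as check_chain() */

/* Return 1 if name is 1..MAX_CHAIN chars of [A-Za-z0-9_], else 0. */
int chain_name_ok(const char *name)
{
    size_t i, len;
    if (name == NULL) return 0;
    len = strlen(name);
    if (len == 0 || len > MAX_CHAIN) return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && c != '_') return 0;
    }
    return 1;
}

/* Fill argv[] for execve(); chain is one argument, never parsed by a shell.
   Returns the argument count, or -1 if the array is too small. */
int build_argv(const char *chain, const char *argv[], size_t slots)
{
    const char *fixed[] = { "iptables", "-t", "filter", "-L", chain,
                            "-n", "-v", "-x" };
    size_t i, n = sizeof fixed / sizeof fixed[0];
    if (slots < n + 1) return -1;
    for (i = 0; i < n; i++) argv[i] = fixed[i];
    argv[n] = NULL;
    return (int)n;
}

int main(int argc, char **argv)
{
    const char *args[16];
    char *const envp[] = { NULL };          /* empty environment for the child */
    if (argc != 2 || !chain_name_ok(argv[1])) {
        fprintf(stderr, "usage: iptables_mrtg <chain>\n");
        return 1;
    }
    if (build_argv(argv[1], args, 16) < 0) return 1;
    if (setuid(0) != 0) { perror("setuid"); return 1; }
    execve(IPTABLES, (char *const *)args, envp);
    perror("execve");                       /* reached only if exec failed */
    return 1;
}
```

Validation is kept even though no shell is involved, because a name beginning with `-` would otherwise be read by iptables as an option.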