Oy, apparently it was a rough week for me last week. (Good thing I
wasn't coding.)
After a good weekend of suffocating on (latex) paint fumes (spring _was_
here but then it left), my brain is working much more good now. <sigh>
Thanks for your patience. :-)
Maynard, Chris wrote:
> Does this help – in particular the read_from_network() function and
> comments I added?
>
> - Chris
>
> #include <stdio.h>
> #include <stdlib.h>
>
> typedef unsigned short uid_t;
>
> static void dowork(uid_t u);
> static int read_from_network(void);
>
> int main(int argc, char **argv)
> {
>     int x;
>
>     x = read_from_network();
>
>     /* Squish root (it's not safe to execute dowork() with uid(0) */
>     if ( x == 0 )
>     {
>         printf("Uid %u not allowed.\n", x);
>         exit(1);
>     }
>     dowork(x);
>     return (0);
> } /* main() */
>
> static void dowork(uid_t u)
> {
>     printf("Doing work as uid %u.\n", u);
> } /* dowork() */
>
> static int read_from_network(void)
> {
>     /* I'm a sneaky guy and exploited the fact that the return value
>      * is an int, although I know only the lower 16 bits will be used.
>      * This is how I can end up "doing work" as root. */
>     return (0xffff0000);
> } /* read_from_network() */
>
> ------------------------------------------------------------------------
>
> *From:* [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] *On Behalf Of *Jeff Morriss
> *Sent:* Friday, April 25, 2008 9:34 PM
> *To:* Developer support list for Wireshark
> *Subject:* Re: [Wireshark-dev] [Wireshark-commits] rev
> 25171:/trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-umts_fp.c
>
> On Fri, Apr 25, 2008 at 7:49 PM, Luis EG Ontanon <[EMAIL PROTECTED]> wrote:
>
> On Fri, Apr 25, 2008 at 10:17 PM, Jeff Morriss
> <jeff.morriss.ws@gmail.com> wrote:
>
>> Guy Harris wrote:
>> > http://www.cs.berkeley.edu/~wychen/cs261/proposal.htm
>>
>> If Figure 1 is really a problem then my understanding of C just went out
>> the window...
>
>
> I wouldn't have got this by myself without the explanation but if you
> read the code as:
>
> typedef unsigned short uid_t;
>
> void dowork(uid_t u);
> int main() {
> int x = read_from_network();
> // Squish root (it's not safe to execute dowork() with uid 0)
> if ( (x & 0x0000ffff) == 0) exit(1);
> // ^^^^^^^^^^^^^
> dowork(x);
> }
>
> you would have noticed the issue.
>
>
> I get what he's saying but I just don't get it: why would the compiler
> convert from int to unsigned short *before* it has to send the value
> into the call to dowork()? E.g., 'x' should be an int until I
> (explicitly or implicitly) cast it to something else, non? Actually it
> should still be an int after the call to dowork(); it just won't be an
> int when dowork() gets it.
>
>
> Maybe I need to go back to school because I'm feeling very noobish right
> now.
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Wireshark-dev mailing list
> [email protected]
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
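
The behaviour discussed in this thread, as an added example that is not part of the original messages: the root check is evaluated on the full int, the conversion to the narrow type happens only at the call, and a hardened check range-tests the value before it is narrowed. The names `demo_uid_t`, `callee`, `uid_after_call`, `check_as_posted` and `check_hardened` and the sample inputs are constructed for illustration, and a 16-bit unsigned short is assumed.

```c
#include <limits.h>
#include <stdio.h>

/* Stand-in for the thread's uid_t, renamed to avoid the system uid_t. */
typedef unsigned short demo_uid_t;

/* What a dowork()-style callee receives. */
static unsigned int callee(demo_uid_t u) { return u; }

/* x stays an int right up to this call; the int -> unsigned short
 * conversion (value modulo 65536) happens only when it is passed. */
static unsigned int uid_after_call(int x) { return callee(x); }

/* Check as posted in the thread: compares the full int against 0.
 * Returns 1 when the value is allowed through. */
static int check_as_posted(int x) { return x != 0; }

/* Hardened check (added): reject anything that does not fit the narrow
 * type first, so the check and the callee agree on the value. */
static int check_hardened(int x)
{
    if (x < 0 || x > USHRT_MAX)
        return 0;
    return x != 0;
}

int main(void)
{
    /* Constructed inputs: root, an ordinary uid, and two values whose
     * low 16 bits are zero (-0x10000 is 0xffff0000 as a 32-bit int). */
    const int samples[] = { 0, 1000, 0x10000, -0x10000 };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int x = samples[i];
        printf("x=%#x posted=%d hardened=%d callee_uid=%u\n",
               (unsigned int)x, check_as_posted(x), check_hardened(x),
               uid_after_call(x));
    }
    return 0;
}
```

Compiling with `-Wconversion` makes GCC and Clang warn at the narrowing call in `uid_after_call()`.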