Lesson 12

Date: 4/12/2017
Basics of Linux Security
Linux System Administration


Stack overflow exercise.

  • A program prompts for a password, reads it from the keyboard, and gives the root shell.
    
    #include <stdio.h>
    #include <stdlib.h>  // system()
    #include <string.h>
    #include <unistd.h>  // setuid()
    
    int main()
    {
        char buff[10]; //Defines the input array buff of 10 Bytes size 
        int pass = 0;
    
        printf("\n Enter the password : \n");
        gets(buff); // No length check: input longer than buff is written past its end
    
        if(strcmp(buff, "Password1") != 0)
        {
            printf ("\n Wrong Password \n");
        }
        else
        {
            printf ("\n Correct Password \n");
            pass = 1;
        }
    
        if(pass != 0)
        {
            printf ("pass=, %3d", pass); //See how variable 'pass' is corrupted
    
           /* Now Give root or admin rights to user*/
            printf ("\n Root privileges given to the user \n");
    
            setuid(0);
            system("/bin/bash"); 
        }
    
        return 0;
    }
    

  • Any password string exceeding 11 letters corrupts the memory region containing the variable pass, and therefore causes the code to give the root shell.


    Exercise
    Download the source code and the Makefile:
    
    wget http://linuxcourse.rutgers.edu/lessons/Security/Downloads/root_shell.c
    wget http://linuxcourse.rutgers.edu/lessons/Security/Downloads/Makefile  
    

    Compile the source code and assign setuid root to the compiled executable:
    
    make
    

    Run the executable:
     
    ./root_shell
    
    When prompted for password, type in a long string:
     
    RRRRRRRRRRRRRRRRRRRR
    
    Notice, you got the root shell.
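
For comparison, a bounded-read version of the same password check, added here as an example (it is not the lesson's root_shell.c). The names PASS_MAX, read_line, check_password and check_text are chosen for this example, and the setuid/shell step is left out. The result comes from the comparison's return value rather than from a flag stored next to the input buffer.

```c
#include <stdio.h>
#include <string.h>

#define PASS_MAX 32   /* assumed buffer size, not from the lesson */

/* Read one line into buf (n bytes). Returns 0 on success, -1 on EOF or
   when the line filled the buffer; the rest of such a line is discarded. */
static int read_line(FILE *in, char *buf, size_t n)
{
    if (fgets(buf, (int)n, in) == NULL)    /* never writes more than n bytes */
        return -1;
    size_t len = strcspn(buf, "\n");
    if (buf[len] != '\n' && len == n - 1) {  /* buffer full, no newline seen */
        int c;
        while ((c = fgetc(in)) != '\n' && c != EOF)
            ;                                /* drain the overlong line */
        return -1;
    }
    buf[len] = '\0';                         /* strip the newline */
    return 0;
}

/* Returns 1 only when the line read from in equals expected. */
int check_password(FILE *in, const char *expected)
{
    char buf[PASS_MAX];
    if (read_line(in, buf, sizeof buf) != 0)
        return 0;
    return strcmp(buf, expected) == 0;
}

/* Demo helper: run the check on constructed input held in a temp file. */
int check_text(const char *text)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return -1;
    fputs(text, f);
    rewind(f);
    int ok = check_password(f, "Password1");
    fclose(f);
    return ok;
}

int main(void)
{
    printf("\n Enter the password : \n");
    puts(check_password(stdin, "Password1") ? " Correct Password" : " Wrong Password");
    return 0;
}
```

With this version the 20-character string from the exercise is read safely and rejected as a wrong password.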

