Software security Assessment

1. When a shell variable containing a shell function definition is passed down to a child process as an environment variable, what is going to happen to the function definition? 2. Instead of putting an extra shell command after a function definition, we put it at the beginning (see the following example). We then run Bash, which is vulnerable to the Shellshock attack. Will the shell command echo world be executed? $ export foo='echo world; 0 { echo hello;}' $ bash 3. For the Shellshock vulnerability to be exploitable, two conditions need to be satisfied. What are these two conditions? 4. Instead of using a function definition in the Shellshock attack against CGI programs, can we directly put shell commands inside the User-Agent field, so when Bash is triggered, the shell command can be executed? 5. We run "nc -Ivp 7070" on Machine 1 (IP address is 10.0.2.6), and we then type the following command on Machine 2. Describe what is going to happen? $/bin/cat /tep/10.0.2.6/7070 >&0 6. Consider the following program #include #include #include axtorn char *onviron; int main() char *args[] - "/bin/sh", "-", "/bin/ls", NULL pid t pid = fork(); 1f (pid == 0){ /child +/ printf("child "); oxecvo (args[0], Gargs[0]. NULL); else if (pid > 0) { /* parent / printf("parent "); return 0; The program forks a child process, and executes the /bin/ls program using /bin/sh, which is a symbolic link to /bin/bash. The program is executed as the following. Explain what the output of the program will be and why. $ gcc prog.c -o prog $ export fooa' () { echo hello; ); echo world;' $ ./prog