Answered step by step
Verified Expert Solution
Link Copied!

Question

1 Approved Answer

Software security Assessment 1. When a shell variable containing a shell function definition is passed down to a child process as an environment variable, what

image text in transcribedSoftware security Assessment
image text in transcribed
1. When a shell variable containing a shell function definition is passed down to a child process as an environment variable, what is going to happen to the function definition? 2. Instead of putting an extra shell command after a function definition, we put it at the beginning (see the following example). We then run Bash, which is vulnerable to the Shellshock attack. Will the shell command echo world be executed? $ export foo='echo world; 0 { echo hello;}' $ bash 3. For the Shellshock vulnerability to be exploitable, two conditions need to be satisfied. What are these two conditions? 4. Instead of using a function definition in the Shellshock attack against CGI programs, can we directly put shell commands inside the User-Agent field, so when Bash is triggered, the shell command can be executed? 5. We run "nc -Ivp 7070" on Machine 1 (IP address is 10.0.2.6), and we then type the following command on Machine 2. Describe what is going to happen? $/bin/cat /tep/10.0.2.6/7070 >&0 6. Consider the following program #include #include #include axtorn char *onviron; int main() char *args[] - "/bin/sh", "-", "/bin/ls", NULL pid t pid = fork(); 1f (pid == 0){ /child +/ printf("child "); oxecvo (args[0], Gargs[0]. NULL); else if (pid > 0) { /* parent / printf("parent "); return 0; The program forks a child process, and executes the /bin/ls program using /bin/sh, which is a symbolic link to /bin/bash. The program is executed as the following. Explain what the output of the program will be and why. $ gcc prog.c -o prog $ export fooa' () { echo hello; ); echo world;' $ ./prog

Step by Step Solution

There are 3 Steps involved in it

Step: 1

blur-text-image

Get Instant Access to Expert-Tailored Solutions

See step-by-step solutions with expert insights and AI powered tools for academic success

Step: 2

blur-text-image_2

Step: 3

blur-text-image_3

Ace Your Homework with AI

Get the answers you need in no time with our AI-driven, step-by-step assistance

Get Started

Recommended Textbook for

Professional Microsoft SQL Server 2012 Administration

Authors: Adam Jorgensen, Steven Wort

1st Edition

1118106881, 9781118106884

More Books

Students also viewed these Databases questions

Question

The issue of staff sensitivity to feedback

Answered: 1 week ago

Question

What is an interface? What keyword is used to define one?

Answered: 1 week ago