
Question


The PATH environment variable.

The system(const char *cmd) library function can be used to execute a command within a program. The way system(cmd) works is to invoke the /bin/sh program and then let the shell program execute cmd. Because a shell program is invoked, calling system() within a Set-UID program is extremely dangerous. This is because the actual behavior of the shell program can be affected by environment variables, such as PATH. These environment variables are under the user's control. By changing these variables, malicious users can control the behavior of the Set-UID program. In bash, you can change the PATH environment variable in the following way (this example adds the directory /home/sec-lab to the beginning of the PATH environment variable):

sudo su

export PATH=/home/sec-lab:$PATH

The Set-UID program below is supposed to execute the /bin/ls command; however, the programmer only uses the relative path for the ls command, rather than the absolute path:

Create a file: make sure you are still in the bin folder (if not cd /bin)

nano setUID.c

Copy the code to the file:

    #include <stdlib.h>   /* declares system() */

    int main()
    {
        /* relative command name: the shell resolves "ls" through PATH */
        system("ls -la");
        return 0;
    }

gcc -o setUID setUID.c    # compile the C code

./setUID    # execute the executable file

Notice the files in the output.

cd /usr/local/

ls -la

Notice that the bin folder is owned by root (normal users, processes and programs should not have direct access), and your program had access to it because it used Set-UID.

Question 12 - Can you let this Set-UID program (owned by root) run your code instead of /bin/ls? If you can, is your code running with the root privilege? Describe and explain your observations.
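
A hardened form of the program above, as an added example that is not part of the original lab text: it runs the same listing through execve() with an absolute path and a fixed environment, so neither /bin/sh nor the caller's PATH takes part. The function name run_ls_hardened, the dir parameter and the CLEAN_ENV contents are assumptions made for this example.

```c
/* Added example, not from the original lab text: "ls -la" without a shell. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Environment given to the child. Nothing is inherited from the caller,
 * so a caller-controlled PATH (or IFS, LD_* and so on) never reaches it. */
static char *const CLEAN_ENV[] = { "PATH=/usr/bin:/bin", "LC_ALL=C", NULL };

/* Runs /bin/ls -la on dir. Returns the exit status of ls, or -1 on failure. */
int run_ls_hardened(const char *dir)
{
    /* "--" stops option parsing, so dir is always treated as a path. */
    char *const argv[] = { "ls", "-la", "--", (char *)dir, NULL };
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* execve() takes an absolute path and does no PATH search;
         * no /bin/sh is involved, unlike system("ls -la"). */
        execve("/bin/ls", argv, CLEAN_ENV);
        _exit(127);                     /* reached only if execve failed */
    }
    int status;
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)             /* retry only when interrupted */
            return -1;
    }
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    int rc = run_ls_hardened(".");
    if (rc != 0)
        fprintf(stderr, "ls failed (status %d)\n", rc);
    return rc == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

Because the child receives CLEAN_ENV rather than the caller's environment, changing PATH before running this program has no effect on which binary is executed.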
