Level 2
Simple stack overflow, but with a side effect that affects debugging and causes problems with execution. Keep in mind that a straight execve() will not work, because the kernel issues a breakpoint.
/*
 * Training level: a deliberately vulnerable program. The flaw is the
 * unbounded gets() in do_finger(); the code is kept exactly as published
 * and only annotated.
 *
 * NOTE(review): printf(), gets() and toupper() are called below, but
 * <stdio.h> and <ctype.h> are not included, so they are used without a
 * visible prototype.
 */
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <sys/types.h>
#include <sys/ptrace.h>
#include <pwd.h>

/*
 * Zero the contents of every string in a NULL-terminated array of
 * C strings (such as argv or envp).
 *
 * Only the characters of each string are overwritten; the pointers in
 * the array itself are left in place.
 */
void wipearray(char **array)
{
	/*
	 * This should be pretty trivial without relying on stack
	 * values :)
	 */

	while(*array) {
		/* strlen() bytes are cleared; the terminator is already zero. */
		memset(*array, 0, strlen(*array));
		array++;
	}
}

/*
 * Clear both the argument strings and the environment strings, so their
 * original contents are no longer in memory after this call.
 */
void wipeenv(char **argv, char **envp)
{
	wipearray(argv);
	wipearray(envp);
}

/*
 * Read one line from standard input into a stack buffer, upper-case it
 * in place and return a heap copy made with strdup().
 *
 * Review notes (defects present in the code as written):
 *  - gets() does no bounds checking, so a line longer than the 80-byte
 *    buffer is written past the end of buf. This is the intended
 *    weakness of the level. Code that is not an exercise should use a
 *    bounded read such as fgets(buf, sizeof buf, stdin); gets() was
 *    removed from the language in C11.
 *  - When the loop ends, p points at the terminating NUL, so strdup(p)
 *    copies an empty string rather than the converted input.
 *  - toupper() is given a plain char; a negative value other than EOF is
 *    outside the range it accepts, so such code normally casts to
 *    unsigned char first.
 */
char* do_finger()
{
	char buf[80], *p;
	gets(buf);	/* unbounded write into buf */
	p = buf;
	while(*p) {
		*p = toupper(*p);
		p++;
	}

	return strdup(p);	/* p is at the NUL here: duplicates "" */
}

/*
 * Entry point: request tracing, wipe argv and envp, then run
 * do_finger().
 *
 * The pointer returned by do_finger() is discarded and never freed.
 * There is no return statement; since C99, reaching the end of main
 * returns 0.
 */
int main(int argc, char **argv, char **envp)
{
	/*
	 * This idea is taken from a question in #social one day about
	 * what to do if a process is being traced and you can't execve()
	 */

	/*
	 * PTRACE_TRACEME marks this process as traced by its parent.
	 * NOTE(review): presumably this is the "side effect" the level text
	 * mentions; the request fails (and the program exits) when it cannot
	 * be granted, e.g. if a tracer is already attached. Confirm against
	 * ptrace(2).
	 */
	if(ptrace(PTRACE_TRACEME) == -1) {
		printf("request for tracing failed\n");
		exit(EXIT_FAILURE);
	}

	/* Remove the argument and environment strings before reading input. */
	wipeenv(argv, envp);

	do_finger();
}