<div dir="ltr"><br><div>Here is what I ended up with from a "get this working" perspective:</div><div><br></div><div><br></div><div><div>#include <stdio.h></div><div>#include <stdlib.h></div><div>#include <sys/types.h></div>
<div>#include <unistd.h></div><div><br></div><div><br></div><div>int main(int argc, char **argv)</div><div>{ </div><div> </div><div> setuid( 662705787 );</div><div> </div><div> char Command[512];</div><div>
sprintf(Command, "ssh user2@Server2 -C '/home/user2/bin/Test.sh %s'", argv[1]);</div><div> system((char *)Command);</div><div> </div><div> return 0;</div><div>}</div><div><br></div></div><div><br>
</div><div>Given that I have something that works, I need to put the data checks in for a character length of 5 alphanumeric. What changes should I make? What other 'good to do' would anyone suggest? I need to have this basic functionality, but I'd like to make it "better" as well, but I don't know C other than how to do a "gcc" or read very specific examples.</div>
<div><br></div><div>Robert</div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Sat, May 24, 2014 at 6:57 AM, Horkan Smith <span dir="ltr"><<a href="mailto:ale@horkan.net" target="_blank">ale@horkan.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">You might also want to restrict what a user could do via ssh on the 2nd server:<br>
<br>
<a href="http://stackoverflow.com/questions/402615/how-to-restrict-ssh-users-to-a-predefined-set-of-commands-after-login" target="_blank">http://stackoverflow.com/questions/402615/how-to-restrict-ssh-users-to-a-predefined-set-of-commands-after-login</a><br>
<br>
<a href="http://www.wallix.org/2011/10/18/restricting-remote-commands-over-ssh/" target="_blank">http://www.wallix.org/2011/10/18/restricting-remote-commands-over-ssh/</a><br>
<br>
<a href="http://cybermashup.com/2013/05/14/restrict-ssh-logins-to-a-single-command/" target="_blank">http://cybermashup.com/2013/05/14/restrict-ssh-logins-to-a-single-command/</a><br>
<br>
later!<br>
horkan<br>
<div class="HOEnZb"><div class="h5"><br>
On Thu, May 22, 2014 at 05:37:32PM -0600, Robert L. Harris wrote:<br>
> The reason for the "system" is just to see what value I'm getting out.<br>
><br>
> I have a perl script doing a bunch of processing which will be run by a<br>
> couple different users. One aspect of the perl script is to connect to<br>
> another machine and run a command as a specific user. Instead of having<br>
> others know the passwd, etc. I have a hostkey set up from my server as a<br>
> non-privileged user to another system. I want to have the C program setuid<br>
> to the non-privileged user, ssh to the second server and run 1 command with<br>
> the only variable being XXXXX. More convoluted than I want but the safest<br>
> method I can come up with to get just the output I need from the second<br>
> server.<br>
><br>
><br>
><br>
> On Thu, May 22, 2014 at 5:31 PM, Ed Cashin <<a href="mailto:ecashin@noserose.net">ecashin@noserose.net</a>> wrote:<br>
><br>
> > In general, with this kind of stuff, you want to avoid using the<br>
> > shell, so no use of "system" or other library calls that implicitly<br>
> > run a shell. The reason is that most programmers cannot anticipate<br>
> > all the corner cases that allow unexpected things to happen when you<br>
> > run a shell from your C program based on user data.<br>
> ><br>
> > But this extra information is making me less certain that I'm coming<br>
> > up with the best feedback.<br>
> ><br>
> > Does it happen to be the case that you're using C because you want to<br>
> > create an executable that you will make setuid root?<br>
> ><br>
> ><br>
> > On Thu, May 22, 2014 at 7:12 PM, Robert L. Harris<br>
> > <<a href="mailto:robert.l.harris@gmail.com">robert.l.harris@gmail.com</a>> wrote:<br>
> > > My main goal is to make sure someone doesn't run this command and pass it<br>
> > > something like : "15361; rm -rf ~/*"<br>
> > > I will need another version where XXXXX can be any alpha-numeric character<br>
> > > too but the main concern is the moron doing something stupid.<br>
> > ><br>
> > > Robert<br>
> > ><br>
> > ><br>
> > ><br>
> > > On Thu, May 22, 2014 at 4:40 PM, Ed Cashin <<a href="mailto:ecashin@noserose.net">ecashin@noserose.net</a>> wrote:<br>
> > >><br>
> > >> I'm not at a keyboard now, but strtol could do it all if you provide a<br>
> > >> non-NULL end pointer. (That will make sense on reading the strtol man page.)<br>
> > >> Just subtract the end from the start and compare to 5, after specifying base<br>
> > >> ten.<br>
> > >><br>
> > >> On May 22, 2014 6:17 PM, "Robert L. Harris" <<a href="mailto:robert.l.harris@gmail.com">robert.l.harris@gmail.com</a>><br>
> > >> wrote:<br>
> > >>><br>
> > >>><br>
> > >>> Anyone have a very simple C program source that given a command of :<br>
> > >>><br>
> > >>> ./Validate XXXXX<br>
> > >>><br>
> > >>><br>
> > >>> it will verify that XXXXX is a 5 digit integer and then execute<br>
> > >>><br>
> > >>> system( "/bin/touch XXXXX");<br>
> > >>><br>
> > >>><br>
> > >>><br>
> > >>> There's much more to it but I'm hung up on this. Unfortunately I'm not a<br>
> > >>> C person.<br>
> > >>><br>
> > >>> Robert<br>
> > >>><br>
> > >>><br>
> > >>> --<br>
> > >>> :wq!<br>
> > >>><br>
> > >>><br>
> > ---------------------------------------------------------------------------<br>
> > >>> Robert L. Harris<br>
> > >>><br>
> > >>> DISCLAIMER:<br>
> > >>> These are MY OPINIONS With Dreams To Be A King,<br>
> > >>> ALONE. I speak for First One Should Be A<br>
> > Man<br>
> > >>> no-one else. - Manowar<br>
> > >>><br>
> > >>> _______________________________________________<br>
> > >>> Ale mailing list<br>
> > >>> <a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
> > >>> <a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
> > >>> See JOBS, ANNOUNCE and SCHOOLS lists at<br>
> > >>> <a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
> > >>><br>
> ><br>
> ><br>
> ><br>
> > --<br>
> > Ed Cashin <<a href="mailto:ecashin@noserose.net">ecashin@noserose.net</a>><br>
> > <a href="http://noserose.net/e/" target="_blank">http://noserose.net/e/</a><br>
> > <a href="http://www.coraid.com/" target="_blank">http://www.coraid.com/</a><br>
> ><br>
><br>
><br>
><br>
<br>
<br>
--<br>
</div></div><span class="HOEnZb"><font color="#888888">Horkan Smith<br>
<a href="tel:678-777-3263" value="+16787773263">678-777-3263</a> cell, <a href="mailto:ale@horkan.net">ale@horkan.net</a><br>
</font></span><div class="HOEnZb"><div class="h5">
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>:wq!<br>---------------------------------------------------------------------------<br>Robert L. Harris<br><br>DISCLAIMER:<br> These are MY OPINIONS With Dreams To Be A King,<br>
ALONE. I speak for First One Should Be A Man<br> no-one else. - Manowar
</div>
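An added example, not code from the thread: one way to add the 5-character alphanumeric check asked for above and to run ssh without a local shell, as suggested earlier in the thread. The ssh path `/usr/bin/ssh` and the fixed `PATH` value are assumptions; the uid, `user2@Server2` and the `Test.sh` path are taken from the post.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define ID_LEN 5
#define SSH_PATH "/usr/bin/ssh"   /* assumption: where ssh lives on this host */
#define TARGET_UID 662705787      /* uid used in the original post */

/* Return 1 only if s is exactly ID_LEN ASCII letters or digits. */
int is_valid_id(const char *s)
{
    size_t i;
    if (s == NULL || strlen(s) != ID_LEN)
        return 0;
    for (i = 0; i < ID_LEN; i++) {
        char c = s[i];
        /* Explicit ranges: isalnum() results depend on the locale. */
        if (!((c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') ||
              (c >= 'A' && c <= 'Z')))
            return 0;
    }
    return 1;
}

int main(int argc, char **argv)
{
    /* Fixed, minimal environment so the caller cannot influence ssh. */
    char *envp[] = { "PATH=/usr/bin:/bin", NULL };

    if (argc != 2 || !is_valid_id(argv[1])) {
        fprintf(stderr, "usage: Validate XXXXX (5 letters or digits)\n");
        return 2;
    }
    if (setuid(TARGET_UID) != 0) {   /* never continue if the switch failed */
        perror("setuid");
        return 1;
    }
    /* No local shell: each element reaches ssh as one argument. sshd still
     * hands the command to user2's shell on Server2, so the allow-list
     * check above is what keeps shell metacharacters out of it. */
    char *args[] = { "ssh", "-C", "user2@Server2",
                     "/home/user2/bin/Test.sh", argv[1], NULL };
    execve(SSH_PATH, args, envp);
    perror("execve");                /* reached only if the exec failed */
    return 1;
}
```

Because the check is an allow-list on length and character class, input such as `15361; rm -rf ~/*` is rejected before any process is started.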