[ale] C question

Alex Carver agcarver+ale at acarver.net
Tue May 27 15:29:20 EDT 2014


It's already written as a function definition, you just have to put it
in the file and then call it in your program before the system() call:

#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* paste David's is_5char_alnum() definition here, above main() */
int is_5char_alnum(char *str);

int main(int argc, char **argv)
{
   /* drop to the service user before anything else; bail out if that fails */
   if ( setuid( 662705787 ) != 0 )
   {
      perror("setuid");
      return 1;
   }

   char Command[512];
   /* argv[1] is NULL when no argument is given; the check returns 0 for NULL */
   if ( is_5char_alnum(argv[1]) == 1 )
   {
      sprintf(Command, "ssh user2@Server2 -C '/home/user2/bin/Test.sh %s'", argv[1]);
      system(Command);
   }
   else
   {
      printf("Bad input\n");
   }
   return 0;
}


Though you really should adjust things to use snprintf() and reparse
argv[] into another variable first to sanitize it before feeding it into
a command.

On 2014-05-27 11:05, Robert L. Harris wrote:
> How would I tie that in to my program?  I would read it as a function I
> would run once I have my input but before I execute the system command but
> don't know how to do that in C.
> 
> 
> 
> On Tue, May 27, 2014 at 11:59 AM, David Tomaschik <david at systemoverlord.com> wrote:
> 
>> int is_5char_alnum(char *str) {
>>   /* Returns 1 if 5 char alnum, 0 otherwise. */
>>   int i;
>>   if (!str)
>>     return 0;
>>   /* A shorter string hits its terminating NUL inside this loop and fails
>>      the test below, so str[5] is only read for inputs of at least 5 chars. */
>>   for (i=0;i<5;i++) {
>>     if (!((str[i] >= 'A' && str[i] <= 'Z') ||
>>           (str[i] >= 'a' && str[i] <= 'z') ||
>>           (str[i] >= '0' && str[i] <= '9')))
>>       return 0;
>>   }
>>   return (str[5] == '\0')?1:0;
>> }
>>
>>
>> On Tue, May 27, 2014 at 10:37 AM, Robert L. Harris <robert.l.harris at gmail.com> wrote:
>>
>>>
>>> Here is what I ended up with from a "get this working" perspective:
>>>
>>>
>>> #include <stdio.h>
>>> #include <stdlib.h>
>>> #include <sys/types.h>
>>> #include <unistd.h>
>>>
>>>
>>> int main(int argc, char **argv)
>>> {
>>>
>>>    setuid( 662705787 );
>>>
>>>    char Command[512];
>>>    sprintf(Command, "ssh user2@Server2 -C '/home/user2/bin/Test.sh %s'", argv[1]);
>>>    system((char *)Command);
>>>
>>>    return 0;
>>> }
>>>
>>>
>>> Given that I have something that works, I need to put the data checks in
>>> for a character length of 5 alpha numeric.  What changes should I make?
>>>  What other 'good to do' would anyone suggest?  I need to have this basic
>>> functionality, but I'd like to make it "better" as well but I don't know C
>>> other than how to do a "gcc" or read very specific examples.
>>>
>>> Robert
>>>
>>>
>>>
>>> On Sat, May 24, 2014 at 6:57 AM, Horkan Smith <ale at horkan.net> wrote:
>>>
>>>> You might also want to restrict what a user could do via ssh on the 2nd
>>>> server:
>>>>
>>>>
>>>> http://stackoverflow.com/questions/402615/how-to-restrict-ssh-users-to-a-predefined-set-of-commands-after-login
>>>>
>>>> http://www.wallix.org/2011/10/18/restricting-remote-commands-over-ssh/
>>>>
>>>>
>>>> http://cybermashup.com/2013/05/14/restrict-ssh-logins-to-a-single-command/
>>>>
>>>> later!
>>>>    horkan
>>>>
>>>> On Thu, May 22, 2014 at 05:37:32PM -0600, Robert L. Harris wrote:
>>>>> The reason for the "system" is just to see what value I'm getting out.
>>>>>
>>>>> I have a perl script doing a bunch of processing which will be run by a
>>>>> couple different users.  One aspect of the perl script is to connect to
>>>>> another machine and run a command as a specific user.  Instead of having
>>>>> others know the passwd, etc.  I have a hostkey set up from my server as a
>>>>> non-privileged user to another system.  I want to have the C program setuid
>>>>> to the non-privileged user, ssh to the second server and run 1 command with
>>>>> the only variable being XXXXX.  More convoluted than I want but the safest
>>>>> method I can come up with to get just the output I need from the second
>>>>> server.
>>>>>
>>>>>
>>>>>
>>>>> On Thu, May 22, 2014 at 5:31 PM, Ed Cashin <ecashin at noserose.net> wrote:
>>>>>
>>>>>> In general, with this kind of stuff, you want to avoid using the
>>>>>> shell, so no use of "system" or other library calls that implicitly
>>>>>> run a shell.  The reason is that most programmers cannot anticipate
>>>>>> all the corner cases that allow unexpected things to happen when you
>>>>>> run a shell from your C program based on user data.
>>>>>>
>>>>>> But this extra information is making me less certain that I'm coming
>>>>>> up with the best feedback.
>>>>>>
>>>>>> Does it happen to be the case that you're using C because you want to
>>>>>> create an executable that you will make setuid root?
>>>>>>
>>>>>>
>>>>>> On Thu, May 22, 2014 at 7:12 PM, Robert L. Harris
>>>>>> <robert.l.harris at gmail.com> wrote:
>>>>>>> My main goal is to make sure someone doesn't run this command and pass it
>>>>>>> something like :     "15361; rm -rf ~/*"
>>>>>>> I will need another version where XXXXX can be any alpha-numeric character
>>>>>>> too but the main concern is the moron doing something stupid.
>>>>>>>
>>>>>>> Robert
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Thu, May 22, 2014 at 4:40 PM, Ed Cashin <ecashin at noserose.net> wrote:
>>>>>>>>
>>>>>>>> I'm not at a keyboard now, but strtol could do it all if you provide a
>>>>>>>> non-NULL end pointer. (That will make sense on reading the strtol man
>>>>>>>> page.) Just subtract the end from the start and compare to 5, after
>>>>>>>> specifying base ten.
>>>>>>>>
>>>>>>>> On May 22, 2014 6:17 PM, "Robert L. Harris" <robert.l.harris at gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Anyone have a very simple C program source that given a command of :
>>>>>>>>>
>>>>>>>>> ./Validate XXXXX
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> it will verify that XXXXX is a 5 digit integer and then execute
>>>>>>>>>
>>>>>>>>> system( "/bin/touch XXXXX");
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> There's much more to it but I'm hung up on this.  Unfortunately I'm not a
>>>>>>>>> C person.
>>>>>>>>>
>>>>>>>>> Robert
>>>>>>>>>
>>>>>>>>>
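The thread suggests two things that none of the posted code actually does: Ed's strtol()-with-end-pointer check for "exactly five digits", and his advice to avoid system() so no shell ever parses the user-supplied token. The program below is an added example written for this archive page, not code from any of the participants. It assumes the host user2@Server2 and the script path /home/user2/bin/Test.sh from the thread, and it passes the remote command as positional arguments to ssh (ssh's -C option turns on compression; it is not a "command" flag). The token is validated with strtol(), then handed to ssh as one argv element via fork()/execvp(), so an input like "15361; rm -rf ~/*" is rejected before anything runs and, even if validation were looser, nothing on the local side would interpret the ';'.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 if s is exactly five ASCII decimal digits, 0 otherwise.
 * This is the strtol() approach from the thread: with a non-NULL end
 * pointer, strtol() reports where parsing stopped, so a valid token is
 * one that consumes exactly five characters and stops at the NUL. */
int is_5digit_int(const char *s)
{
    char *end;
    if (!s)
        return 0;
    /* strtol() silently skips leading whitespace and accepts a sign, so
     * " 1234" and "+1234" would also span five characters; require the
     * first character to be a digit to rule those out. */
    if (s[0] < '0' || s[0] > '9')
        return 0;
    errno = 0;
    (void)strtol(s, &end, 10);
    if (errno != 0)
        return 0;
    return (end - s == 5 && *end == '\0') ? 1 : 0;
}

/* Builds the argument vector for the remote command without a shell: each
 * element goes to execvp() as-is, so a ';' in the token would be passed
 * literally rather than interpreted locally. Host and script path are the
 * assumed values from the thread. Returns the number of arguments filled
 * in, or -1 if the token fails validation. out needs room for 5 entries. */
int build_ssh_argv(const char *token, const char *out[5])
{
    if (!is_5digit_int(token))
        return -1;
    out[0] = "ssh";
    out[1] = "user2@Server2";           /* assumed from the thread */
    out[2] = "/home/user2/bin/Test.sh"; /* assumed from the thread */
    out[3] = token;                     /* validated: five digits only */
    out[4] = NULL;
    return 4;
}

/* Forks and execs ssh directly (no system(), no "/bin/sh -c"). Returns the
 * child's exit status, 127 if exec failed, or -1 on validation/fork error. */
int run_remote_command(const char *token)
{
    const char *argv[5];
    pid_t pid;
    int status;

    if (build_ssh_argv(token, argv) < 0)
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], (char *const *)argv);
        _exit(127); /* only reached if execvp() itself failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char **argv)
{
    if (argc != 2 || !is_5digit_int(argv[1])) {
        fprintf(stderr, "usage: %s NNNNN (exactly five digits)\n", argv[0]);
        return 2;
    }
    return run_remote_command(argv[1]);
}
```

One caveat the local exec does not remove: ssh joins its remaining arguments into a single string and the remote login shell parses that string, so the remote side still depends on the token being validated. That is why the forced-command and restricted-shell links earlier in the thread are worth following on Server2 as well, and why the five-digit check (or a fixed five-character alphanumeric check for the other variant) should stay as strict as it is.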


