4. (15 points) The PATH environment variable. The system (const char *cmd) library function can be used to execute a command within a program. The way system (cmd) works is to invoke the /bin/sh program, and then let the shell program to execute cmd. Because of the shell program invoked, calling system () within a Set-UID program is extremely dangerous. This is because the actual behavior of the shell pro- gram can be affected by environment variables, such as PATH; these environment variables (stored in /etc/environment) are under user's control. For example, the user can add a new path to PATH by using export PATH=/path/to/your/dir:$PATH. Note that this change is only effective for the current terminal.vim By changing these variables, malicious users can control the behavior of the Set-UID program. The Set-UID program below has to be created by the root user and is supposed to execute the /bin/ls command; however, the programmer only uses the relative path for the ls command, rather than the absolute path: #include "stdio.h" #include "stdlib.h" int main() { system ("ls"); return 0; } (a) Can you let this Set-UID program (owned by root) run your code instead of /bin/ls by add a new directory to PATH? If you can, is your code running with the root privi- lege? Describe and explain your observations. The command you can use to add a new directory to PATH is export PATH=/path/to/your/dir:$PATH (b) Now, change /bin/sh so it points back to /bin/bash, and repeat the above attack. Can you still get the root privilege? Describe and explain your observations