Task $8$: Invoking External Programs Using system$()$ versus execve$()$

Although system$()$ and execve$()$ can both be used to run new programs, system$()$ is quite danger

ous if used in a privileged program, such as Set$-$UID programs. We have seen how the PATH environment

variable affect the behavior of system$(),$ because the variable affects how the shell works. execve$()$

does not have the problem, because it does not invoke shell. Invoking shell has another dangerous conse

quence, and this time, it has nothing to do with environment variables. Let us look at the following scenario.

Bob works for an auditing agency, and he needs to investigate a company for a suspected fraud. For

the investigation purpose, Bob needs to be able to read all the files in the company$$s Unix system; on the

other hand, to protect the integrity of the system, Bob should not be able to modify any file. To achieve this

goal, Vince, the superuser of the system, wrote a special set$-$root$-$uid program $($see below$),$ and then gave the

executable permission to Bob. This program requires Bob to type a file name at the command line, and then

it will run $/$bin$/$cat to display the specified file. Since the program is running as a root, it can display any

f

ile Bob specifies. However, since the program has no write operations, Vince is very sure that Bob cannot

use this special program to modify any file.

Listing $3$: catall.c

int main$($int argc, char $*$argv$[])$

$\{$

char $*$v$[3]$;

char $*$command;

if$($argc $<2)\{$

printf$("$Please type a file name.

$")$;

return $1$;

$\}$

v$[0]="/$bin$/$cat$"$; v$[1]=$ argv$[1]$; v$[2]=$ NULL;

command $=$ malloc$($strlen$($v$[0])+$ strlen$($v$[1])+2)$;

sprintf$($command$,"\%$s $\%$s$",$ v$[0],$ v$[1])$;

$//$ Use only one of the followings.

system$($command$)$;

$//$ execve$($v$[0],$ v$,$ NULL$)$;

$7$

Environment Variable and Set$-$UID Program Lab

CIS $495/595$

return $0$ ;

$\}$