flat assembler
Message board for the users of flat assembler.
Index
> Linux > Can someone explain me why this happens? |
Author |
|
lsa 02 Jan 2007, 21:24
Input: 123 or 1234
You read the chars AND a newline, therefore the prompt is at the next line Input: 12345 Since you specify 5 bytes as maximum the OS only gives you the first 5 bytes (no newline this time) Input: 12345dir Since only 5 chars are read, the remaining 4 is read by the shell as: dir [ENTER] which eventually executes 'dir' |
|||
02 Jan 2007, 21:24 |
|
Adnarim 02 Jan 2007, 21:53
Hi Isa,
Yes that's what I thought but isn't that a really huge security flaw if the OS simply safes anything typed into the program and executes this after the program finished? I really don't understand this. This sounds like an really really stupid thing to me Can someone please explain how I can prevent this? Where is the "dir" and the ENTER saved if not in the value (because there just 5 bytes can be saved) and why is this executed? That makes absolutly no sense to me. greets |
|||
02 Jan 2007, 21:53 |
|
vid 02 Jan 2007, 22:33
Yes, i noticed this too, and it's EXTREMELY annoying.
Adnarim: i think there is limit for max size of input: 4096 bytes. You could always read this much. But then you may need some buffering etc. Input is much more complicated problem than it seems, i have been solving it in FASMLIB for a long time. |
|||
02 Jan 2007, 22:33 |
|
Adnarim 02 Jan 2007, 22:36
hmm but do u know where the place is where the "dir" and enter is stored after my app finished? Than just cleaning this area before my app finishs could solve the problem or not?
|
|||
02 Jan 2007, 22:36 |
|
vid 02 Jan 2007, 22:53
you can read from input to get rest of data out. However, if there is nothing left, you will cause blocking, and that is unwanted.
One solution could be to always read 4096 bytes from stdin. |
|||
02 Jan 2007, 22:53 |
|
Adnarim 02 Jan 2007, 22:55
Okay thanks, also if this sounds more like an work-around than a solution I'll use this until I will find something better
|
|||
02 Jan 2007, 22:55 |
|
lsa 03 Jan 2007, 01:01
Adnarim:
I don`t consider it to be a security problem or any problem at all. It is the shell which executes your program so it seems natural that it gets the unused data afterwards. If you write a program which forks and executes another program you will also be able to read the data after your child has died. Anyway i think it`s because the filedescripters are mapped to the terminal - when you read/write to standard file descripters you read/write from the terminal(unless the parent how changed the filedescripters before execution ofcurse) - the terminal still lives when your program exit, now the parent (in this case the shell program which have waited for you) can read the data from the terminal which haven`t been read. It is the same with stdout, your data is still on the screen when your program exit. I hope this explanation makes it more clear. |
|||
03 Jan 2007, 01:01 |
|
vid 03 Jan 2007, 06:39
lsa: thanks for explaination. But still it's very annoying. MS doesn't have this behavior and there was no problem with console at all.
|
|||
03 Jan 2007, 06:39 |
|
Adnarim 03 Jan 2007, 12:34
Hi,
Iso I still think it's a security problem. Because imagine this program does some of the many possible tasks on linux which need to be run with root. So the pc/server-owner can check the whole sourcecode and won't find anything harmfull for his system and will start it with root (or much smarter with sudo). Than a bad boy could come up with an input like 12345sudo rm -r /root and the root folder will be deleted without even promting for giving in the root pass because it still has the suid of the session. And next to that: what could be the use of this shell behavior? What is it good for ? And is there no way to clean this shell cache? greets |
|||
03 Jan 2007, 12:34 |
|
lsa 15 Jan 2007, 20:16
Well i still don`t think its much of a problem, when you execute a program you
know what you and the program is doing (however your example could happend). And normally you won`t have access to SUDO. [quote]Hi, And is there no way to clean this shell cache? greets[/quote] There may be more than one way to do this. I will suggest you to study the terminal interface..While not an easy task it may answer all your questions. I just remembered this method. [code] IOC_IN = $80000000 IOCPARM_MASK = $1FFF TIOCFLUSH = (IOC_IN OR ((4 AND IOCPARM_MASK) SHL 16) OR ('t' SHL 8) OR 16) ; IOW('t',16,4) FLUSH_READ = 1 section '.text' ; read eg. 1 char here (but type more..) mov ebx,flush_read_data ; dataptr mov ecx,TIOCFLUSH ; cmd mov edx,0 ; fd call ioctl call bye ioctl: mov eax,54 int $80 ret section '.data' flush_read_data dd FLUSH_READ[/code] |
|||
15 Jan 2007, 20:16 |
|
vid 15 Jan 2007, 22:05
thanks lsa.
Could you please explaiin TIOCFLUSH deeper? i couldn't find it in any ioctl explained, or i can't match it with any "command group" for ioctl. |
|||
15 Jan 2007, 22:05 |
|
gunblade 17 Jan 2007, 23:25
http://src.opensolaris.org/source/xref/loficc/crypto/usr/src/lib/libbc/inc/include/sys/ttold.h#86
http://src.opensolaris.org/source/xref/loficc/crypto/usr/src/lib/libbc/inc/include/sys/ioccom.h#34 That site is pretty neat, allows you to easily go through the headers. Anyway, grep'ing my include directory for TIOCFLUSH showed me that TIOCFLUSH only seems to be implemented in SunOS AKA Solaris: Code: /usr/include/asm-sparc/ioctls.h:#define __TIOCFLUSH _IOW('t', 16, int) /* SunOS Specific */ It's a shame, it seems like a good idea. |
|||
17 Jan 2007, 23:25 |
|
arafel 18 Jan 2007, 15:49
It's defined as TCFLSH in linux.
|
|||
18 Jan 2007, 15:49 |
|
vid 18 Jan 2007, 16:28
just what i needed. Thanks lsa and Arafael.
|
|||
18 Jan 2007, 16:28 |
|
< Last Thread | Next Thread > |
Forum Rules:
|
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.