flat assembler
Message board for the users of flat assembler.

Index > Linux > Can someone explain me why this happens?

Author
Thread Post new topic Reply to topic
Adnarim



Joined: 02 Jan 2007
Posts: 8
Adnarim
Hi,
I'm new to assembly programming and I have an odd problem and hope one of u can help me. (compiler isn't fasm but nasm but this shouldn't change something)

here first my code:
Code:
section .bss
        eingabe:     resb    5 

section .text
        global _start

_start:
        
        mov eax,3
        mov ebx,1
        mov ecx,eingabe
        mov edx,5
        int 80h
        mov eax,4          
        mov ebx,1            
        mov ecx,eingabe        
        mov edx,5  
        int 80h              
        mov eax,1           
        mov ebx,0            
        int 80h
    


So you see I declare a variable eingabe with 5 bytes. Than I read something in and wanna give it out again. Nothing special... But what special is, is what happens. With 3 chars everything works fine the same is with 4 chars. But if I read in 5 chars there happens something I can't follow. The prompt will be placed exactly next to the output on the screen. And the oddest thing is if I take 12345dir as input, the dir is really executet in the shell. So this command is saved over the lifetime of my application and then executed. But why happens that and how ; And how do I prevent this?

Here is the console output with different inputs if u don't understand my problem and sorry for my bad english..:
Quote:

goldstein@goldstein-laptop:~$ cd Desktop
goldstein@goldstein-laptop:~/Desktop$ ./test
123
123
goldstein@goldstein-laptop:~/Desktop$ ./test
1234
1234
goldstein@goldstein-laptop:~/Desktop$ ./test
12345
12345goldstein@goldstein-laptop:~/Desktop$
goldstein@goldstein-laptop:~/Desktop$ ./test
123456
12345goldstein@goldstein-laptop:~/Desktop$ 6
bash: 6: command not found
goldstein@goldstein-laptop:~/Desktop$ ./test
12345dir
12345goldstein@goldstein-laptop:~/Desktop$ dir
test
test~
test.asm
test.asm~
test.o
test.plx~
key~
neue\ Datei~
neue\ Datei\ 1~
nicotine~
pcasm-book-german.pdf
recon.pl~
recon.plx~
turbopower_ipro
goldstein@goldstein-laptop:~/Desktop$


I hope you can help me



greets Smile
Post 02 Jan 2007, 18:33
View user's profile Send private message Reply with quote
lsa



Joined: 10 Aug 2006
Posts: 17
Location: Denmark
lsa
Input: 123 or 1234
You read the chars AND a newline, therefore the prompt is at the next line

Input: 12345
Since you specify 5 bytes as maximum the OS only gives you the first 5 bytes (no newline this time)

Input: 12345dir
Since only 5 chars are read, the remaining 4 is read by the shell as: dir [ENTER] which eventually executes 'dir'
Post 02 Jan 2007, 21:24
View user's profile Send private message Reply with quote
Adnarim



Joined: 02 Jan 2007
Posts: 8
Adnarim
Hi Isa,
Yes that's what I thought but isn't that a really huge security flaw if the OS simply safes anything typed into the program and executes this after the program finished?

I really don't understand this. This sounds like an really really stupid thing to me Smile

Can someone please explain how I can prevent this? Where is the "dir" and the ENTER saved if not in the value (because there just 5 bytes can be saved) and why is this executed?

That makes absolutly no sense to me.

greets
Post 02 Jan 2007, 21:53
View user's profile Send private message Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
Yes, i noticed this too, and it's EXTREMELY annoying.

Adnarim: i think there is limit for max size of input: 4096 bytes. You could always read this much. But then you may need some buffering etc. Input is much more complicated problem than it seems, i have been solving it in FASMLIB for a long time.
Post 02 Jan 2007, 22:33
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
Adnarim



Joined: 02 Jan 2007
Posts: 8
Adnarim
hmm but do u know where the place is where the "dir" and enter is stored after my app finished? Than just cleaning this area before my app finishs could solve the problem or not?
Post 02 Jan 2007, 22:36
View user's profile Send private message Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
you can read from input to get rest of data out. However, if there is nothing left, you will cause blocking, and that is unwanted.

One solution could be to always read 4096 bytes from stdin.
Post 02 Jan 2007, 22:53
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
Adnarim



Joined: 02 Jan 2007
Posts: 8
Adnarim
Okay thanks, also if this sounds more like an work-around than a solution I'll use this until I will find something better Smile
Post 02 Jan 2007, 22:55
View user's profile Send private message Reply with quote
lsa



Joined: 10 Aug 2006
Posts: 17
Location: Denmark
lsa
Adnarim:
I don`t consider it to be a security problem or any problem at all.
It is the shell which executes your program so it seems natural that it gets the unused data afterwards.

If you write a program which forks and executes another program you will also be able to read the data after your child has died.

Anyway i think it`s because the filedescripters are mapped to the terminal - when you read/write to standard file descripters you read/write from the terminal(unless the parent how changed the filedescripters before execution ofcurse) - the terminal still lives when your program exit, now the parent (in this case the shell program which have waited for you) can read the data from the terminal which haven`t been read.
It is the same with stdout, your data is still on the screen when your program exit.

I hope this explanation makes it more clear.
Post 03 Jan 2007, 01:01
View user's profile Send private message Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
lsa: thanks for explaination. But still it's very annoying. MS doesn't have this behavior and there was no problem with console at all.
Post 03 Jan 2007, 06:39
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
Adnarim



Joined: 02 Jan 2007
Posts: 8
Adnarim
Hi,
Iso I still think it's a security problem. Because imagine this program does some of the many possible tasks on linux which need to be run with root. So the pc/server-owner can check the whole sourcecode and won't find anything harmfull for his system and will start it with root (or much smarter with sudo). Than a bad boy could come up with an input like 12345sudo rm -r /root and the root folder will be deleted without even promting for giving in the root pass because it still has the suid of the session.

And next to that: what could be the use of this shell behavior? What is it good for Wink ?

And is there no way to clean this shell cache?

greets
Post 03 Jan 2007, 12:34
View user's profile Send private message Reply with quote
lsa



Joined: 10 Aug 2006
Posts: 17
Location: Denmark
lsa
Well i still don`t think its much of a problem, when you execute a program you
know what you and the program is doing (however your example could happend).
And normally you won`t have access to SUDO.

[quote]Hi,
And is there no way to clean this shell cache?
greets[/quote]

There may be more than one way to do this.

I will suggest you to study the terminal interface..While not an easy task it may answer all your questions.

I just remembered this method.
[code]
IOC_IN = $80000000
IOCPARM_MASK = $1FFF
TIOCFLUSH = (IOC_IN OR ((4 AND IOCPARM_MASK) SHL 16) OR ('t' SHL 8) OR 16) ; IOW('t',16,4)

FLUSH_READ = 1

section '.text'
; read eg. 1 char here (but type more..)

mov ebx,flush_read_data ; dataptr
mov ecx,TIOCFLUSH ; cmd
mov edx,0 ; fd
call ioctl
call bye



ioctl:
mov eax,54
int $80
ret

section '.data'
flush_read_data dd FLUSH_READ[/code]
Post 15 Jan 2007, 20:16
View user's profile Send private message Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
thanks lsa.

Could you please explaiin TIOCFLUSH deeper? i couldn't find it in any ioctl explained, or i can't match it with any "command group" for ioctl.
Post 15 Jan 2007, 22:05
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
gunblade



Joined: 19 Feb 2004
Posts: 209
gunblade
http://src.opensolaris.org/source/xref/loficc/crypto/usr/src/lib/libbc/inc/include/sys/ttold.h#86
http://src.opensolaris.org/source/xref/loficc/crypto/usr/src/lib/libbc/inc/include/sys/ioccom.h#34

That site is pretty neat, allows you to easily go through the headers.
Anyway, grep'ing my include directory for TIOCFLUSH showed me that TIOCFLUSH only seems to be implemented in SunOS AKA Solaris:

Code:
/usr/include/asm-sparc/ioctls.h:#define __TIOCFLUSH       _IOW('t', 16, int) /* SunOS Specific */    


It's a shame, it seems like a good idea.
Post 17 Jan 2007, 23:25
View user's profile Send private message Reply with quote
arafel



Joined: 29 Aug 2006
Posts: 131
Location: Jerusalem, Israel
arafel
It's defined as TCFLSH in linux.
Post 18 Jan 2007, 15:49
View user's profile Send private message Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
just what i needed. Thanks lsa and Arafael.
Post 18 Jan 2007, 16:28
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar.

Powered by rwasa.