CSC 382: Computer Security


1 Command Injection

2 Topics
- Processes
- fork()
- exec()
- system() and popen()

3 Processes
A process is a program in execution. Each process has a unique identifier, its PID. Each process was created by a parent process, except PID 1, the init process, which is started on boot.

4 Process Tree

5 Process Tree
    > ptree -a
    1 /etc/init -
      156 /usr/sbin/inetd -s
        20190 in.telnetd
          csh
            20200 telnet nkuadm.nku.edu
        20369 in.telnetd
          sh
      345 /usr/lib/ssh/sshd
        18475 /usr/lib/ssh/sshd
          bash
            20637 ptree -a

6 PIDs
    #include <stdio.h>
    #include <unistd.h>

    int main (int argc, char *argv[])
    {
        /* getpid() returns this process's PID, getppid() its parent's */
        printf("My PID is %ld\n", (long)getpid());
        printf("My parent's PID is %ld\n", (long)getppid());
        return 0;
    }

    > gcc -ansi -pedantic -Wall -o outputPID outputPID.c
    > ./outputPID
    My PID is 20737
    My parent's PID is 18477

7 Process State Diagram

8 Process States: ps output
    # ps -aux
    USER PID %CPU %MEM SZ RSS S START TIME COMMAND
    root     S  Jun 16    5:40  fsflush
    root     O  16:38:50  0:00  ps -aux
    root     S  12:50:56  0:02  sshd
    waldenj  R  12:51:01  0:00  -bash
    root     T  Jun 16    0:00  sched

Process States
    O   Running
    R   Runnable (in the run queue)
    S   Sleeping
    T   Stopped
    Z   Zombie (terminated but parent not waiting)

9 Process Creation: fork()
A process calls fork() to create a new process.
- fork() copies the process memory image, so that the new process is a copy of the original process.
- fork() returns twice: 0 in the child, the child PID in the parent.
- The child finishes with exit().
[Diagram labels: Fork, parent, child, Wait, Exit]

10 fork() example
    #include <stdio.h>
    #include <unistd.h>
    #include <sys/types.h>

    int main(int argc, char *argv[])
    {
        pid_t childpid;

        childpid = fork();
        if (childpid == -1) {
            perror("Failed to fork");
            return 1;
        }
        if (childpid == 0)   /* child executes the next statement */
            printf("I am child %ld\n", (long)getpid());
        else                 /* parent executes the next statement */
            printf("I am parent %ld\n", (long)getpid());
        return 0;
    }

11 fork() example
    > gcc -ansi -pedantic -Wall -o twoprocs twoprocs.c
    > ./twoprocs
    I am child 20830
    I am parent 20829
The order of the two lines depends on current user activity.

12 Running different code with exec()
exec() overlays the process image of the calling process with a new image from disk. Typically the child process performs an exec() while the parent waits for it to complete.

13 execl() function
    #include <unistd.h>
    int execl(const char *path, const char *arg0, ..., const char *argn, char * /*NULL*/);
execl() overlays the process with the image specified by path and invokes the program with the arguments arg0 through argn.

14 exit() and wait() functions
    #include <sys/types.h>
    #include <sys/wait.h>
    pid_t wait(int *stat_loc);
wait() causes the caller to suspend execution until a child process completes. wait() returns the PID of the child that returns first, or -1 if it fails.

15 fork/exec example
    #include <stdio.h>
    #include <stdlib.h>
    #include <unistd.h>
    #include <sys/types.h>
    #include <sys/wait.h>

    int main(int argc, char *argv[])
    {
        pid_t childpid = fork();

        if (childpid == -1) {
            perror("Failed to fork");
            return 1;
        }
        if (childpid == 0) {   /* child executes this block */
            /* the argument list must end with a null char pointer */
            execl("/bin/ls", "ls", "-l", (char *)NULL);
            perror("Child failed to exec ls");   /* reached only if execl() fails */
            exit(1);
        }
        if (childpid != wait(NULL)) {   /* parent executes this block */
            perror("Parent failed to wait due to signal or error");
            return 1;
        }
        return 0;
    }

16 system(): ease of use w/o security
    #include <stdlib.h>
    int system(const char *string);
Invokes a shell and issues the shell command specified by string.

17 system() example
    #include <stdlib.h>
    #include <stdio.h>
    #include <sys/wait.h>

    int main(int argc, char *argv[])
    {
        int status;

        /* system() returns a negative value only if the shell could not be run */
        if ((status = system("date")) < 0)
            perror("system() error");
        if ((status = system("nosuchcommand")) < 0)
            perror("system() error");
        if ((status = system("who")) < 0)
            perror("system() error");
        return 0;
    }

18 system() example
    > gcc -ansi -pedantic -Wall -o systest systest.c
    > ./systest
    Mon Sep 26 18:08:20 EDT 2005
    sh: nosuchcommand: not found
    waldenj pts/ Sep 26 12:51 ( )
    halla pts/ Sep 26 15:59 (foo.bar.com)
    newella pts/ Sep 26 15:42 ( )
    longa pts/ Sep 22 12:18 ( )

19 Code Injection Attacks
- Attacker sends data to an entry point.
- Data flows through the application until…
- …a subsystem interprets it as code.
- The subsystem could be:
    - Command shell
    - SQL database
    - Language interpreter

20 Shell Injection
- Find a program that invokes a subshell command with user input, for example via system().
- Use shell metacharacters to insert user-defined code into the command.

21 Shell Metacharacters
    `command`   will execute command
    ;           separates commands
    |           creates a pipe between two commands
    && and ||   are logical operators which may execute the following command
    !           logical negation; reverses truth value of test
    -           could convert a filename into an argument
    * and ?     glob, matching files, which may be interpreted as args: what if "-rf" is a file?
    #           comments to end of line

22 Shell Injection in C
    /* Mail to root with user-defined subject (vulnerable: argv[1] reaches the shell) */
    #include <stdio.h>
    #include <stdlib.h>

    int main( int argc, char **argv )
    {
        char buf[1024];
        sprintf( buf, "/bin/mail -s %s root </tmp/message", argv[1] );
        system( buf );
        return 0;
    }

23 Shell Injection in C
How to exploit?
    ./mailprog \`/path/to/hacked_bin\`
/path/to/hacked_bin will be run by mailprog.
How to fix?
Best solution: Avoid invoking a shell. Use fork() and exec() to run /bin/mail without invoking a shell.
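
The fix named on slide 23, written out as an added example (not part of the original slides): the mail program from slide 22 rebuilt on fork() and execv(), with the `</tmp/message` redirection done by open() and dup2() instead of a shell. The function names run_no_shell and mail_root are hypothetical; /bin/mail and /tmp/message are taken from slide 22.

```c
/* Added example: run /bin/mail via fork() + execv(), with no shell. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Run `path` with argv[], reading stdin from stdin_path. No shell parses
 * the arguments, so metacharacters in them are plain bytes.
 * Returns the child's exit status, or -1 on fork/wait failure or signal. */
int run_no_shell(const char *path, char *const argv[], const char *stdin_path)
{
    int status;
    pid_t pid = fork();
    if (pid == -1)
        return -1;
    if (pid == 0) {                          /* child */
        int fd = open(stdin_path, O_RDONLY); /* replaces "</tmp/message" */
        if (fd == -1 || dup2(fd, STDIN_FILENO) == -1)
            _exit(126);                      /* could not set up stdin */
        if (fd != STDIN_FILENO)
            close(fd);
        execv(path, argv);
        _exit(127);                          /* exec failed */
    }
    while (waitpid(pid, &status, 0) == -1)   /* parent: wait for the child */
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Hypothetical helper: the slide's mail command as an argument vector. */
int mail_root(const char *subject)
{
    char *argv[] = { "mail", "-s", (char *)subject, "root", NULL };
    return run_no_shell("/bin/mail", argv, "/tmp/message");
}

int main(int argc, char *argv[])
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s subject\n", argv[0]);
        return 2;
    }
    return mail_root(argv[1]) == 0 ? 0 : 1;
}
```

Because the subject is a single argv[] element, backticks, semicolons and pipes in it reach mail as literal subject text instead of being interpreted.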

24 Not just C/UNIX
C/C++ on Windows
    ShellExecute() family of functions
Java
    Runtime.exec() function
Perl
    system()
    open() with | operator

