[SEEDLAB] SYSTEM SECURITY WRITEUP (Environment Variables) #9

Task 1 – Passing Environment Variables from Parent Process to Child Process
Step 1. Compile and run the following program && Step 2. Comment out the printenv() in the child process (Line ②)

Step 3. Compare the difference of these two files using diff command.

The two files are identical.

This happens because a child process created by fork() inherits a copy of its parent's environment variables.

Hence, printing environ gives the same output in the parent and the child.

Task 2 – Environment Variables and execve()

Step 1. Compile and run the following program && Step 2. Comment out the execve() in Line 14

ex1 prints nothing, while ex2 prints the environment variables.

Step 3. Describe how the new program gets its environment

Unlike fork, execve does not carry over the calling process's environment variables automatically. Instead, it takes the environment as its 3rd parameter (envp becomes the new program's environment).

Therefore, ex1 did not print anything while ex2 did.
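The behaviour described in Task 2, and its contrast with fork() in Task 1, as an added example that is not the lab's code or part of the original writeup. The helper `count_env_lines`, the `minimal` array, and the use of `/usr/bin/env` as the exec target are assumptions of this example.

```c
/* Added example; /usr/bin/env as the exec target is an assumption. */
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

extern char **environ;

/* Fork, exec /usr/bin/env in the child with the given envp, and return the
   number of lines it prints (one per variable), or -1 on error. */
int count_env_lines(char *const envp[])
{
    int fds[2];
    if (pipe(fds) == -1)
        return -1;
    pid_t pid = fork();              /* child starts with a copy of our environment */
    if (pid == -1) {
        close(fds[0]); close(fds[1]);
        return -1;
    }
    if (pid == 0) {                  /* child */
        char *const argv[] = { "/usr/bin/env", NULL };
        close(fds[0]);
        dup2(fds[1], STDOUT_FILENO); /* send env's output to the parent */
        close(fds[1]);
        execve(argv[0], argv, envp); /* new program sees only what envp lists */
        _exit(127);                  /* reached only if execve failed */
    }
    close(fds[1]);
    int lines = 0;
    char c;
    while (read(fds[0], &c, 1) == 1)
        if (c == '\n')
            lines++;
    close(fds[0]);
    int status;
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1;
    return lines;
}

int main(void)
{
    char *const minimal[] = { "PATH=/usr/bin:/bin", "LANG=C", NULL }; /* constructed sample */
    printf("envp = NULL    : %d variables\n", count_env_lines(NULL));
    printf("envp = minimal : %d variables\n", count_env_lines(minimal));
    printf("envp = environ : %d variables\n", count_env_lines(environ));
    return 0;
}
```

Passing an explicit, minimal envp instead of environ is also how a program keeps variables such as LD_PRELOAD from reaching a helper it executes.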

Task 3 – The LD_PRELOAD Environment Variable and Set-UID Programs
Step 1. Environment Setup

First, compile the library:

Then, I’ll set LD_PRELOAD to the compiled library:

Now I’ll make ‘myprog’:

Step 2. Please run myprog under the following conditions and describe what happens
2-1) Make myprog a regular program, and run it as a normal user

The manipulated sleep was called.

2-2) Make myprog a Set-UID root program, and run it as a normal user

The normal sleep was called. This is because of the dynamic linker's countermeasure: if EUID != RUID, then LD_PRELOAD and LD_LIBRARY_PATH are ignored.

2-3) Make myprog a Set-UID root program, export the LD_PRELOAD environment variable again in the root account and run it

The manipulated sleep was called. This is because EUID == RUID, so the countermeasure does not apply in this case.

2-4) Make myprog a Set-UID user1 program, export the LD_PRELOAD environment variable again in a different user’s account (not-root user) and run it

user1 and seed differ, so the countermeasure was applied and the original sleep was called.