[ale] C question

David Tomaschik david at systemoverlord.com
Tue May 27 13:59:30 EDT 2014


int is_5char_alnum(char *str) {
  /* Returns 1 if 5 char alnum, 0 otherwise. */
  int i;
  if (!str)
    return 0;
  for (i=0;i<5;i++) {
    if (!((str[i] >= 'A' && str[i] <= 'Z') ||
          (str[i] >= 'a' && str[i] <= 'z') ||
          (str[i] >= '0' && str[i] <= '9')))
      return 0;
  }
  return (str[5] == '\0')?1:0;
}


On Tue, May 27, 2014 at 10:37 AM, Robert L. Harris <
robert.l.harris at gmail.com> wrote:

>
> Here is what I ended up with from a "get this working" perspective:
>
>
> #include <stdio.h>
> #include <stdlib.h>
> #include <sys/types.h>
> #include <unistd.h>
>
>
> int main(int argc, char **argv)
> {
>
>    setuid( 662705787 );
>
>    char Command[512];
>    sprintf(Command, "ssh user2 at Server2 -C '/home/user2/bin/Test.sh %s'",
> argv[1]);
>    system((char *)Command);
>
>    return 0;
> }
>
>
> Given that I have something that works, I need to put the data checks in
> for a character length of 5 alpha numeric.  What changes should I make?
>  What other 'good to do' would anyone suggest?  I need to have this basic
> functionality, but I'd like to make it "better" as well but I don't know C
> other than how to do a "gcc" or read very specific examples.
>
> Robert
>
>
>
> On Sat, May 24, 2014 at 6:57 AM, Horkan Smith <ale at horkan.net> wrote:
>
>> You might also want to restrict what a user could do via ssh on the 2nd
>> server:
>>
>>
>> http://stackoverflow.com/questions/402615/how-to-restrict-ssh-users-to-a-predefined-set-of-commands-after-login
>>
>> http://www.wallix.org/2011/10/18/restricting-remote-commands-over-ssh/
>>
>> http://cybermashup.com/2013/05/14/restrict-ssh-logins-to-a-single-command/
>>
>> later!
>>    horkan
>>
>> On Thu, May 22, 2014 at 05:37:32PM -0600, Robert L. Harris wrote:
>> > The reason for the "system" is just to see what value I'm getting out.
>> >
>> > I have a perl script doing a bunch of processing which will be run by a
>> > couple different users.  One aspect of the perl script is to connect to
>> > another machine and run a command as a specific user.  Instead of having
>> > others know the passwd, etc.  I have a hostkey set up from my server as a
>> > non-privileged user to another system.  I want to have the C program setuid
>> > to the non-privileged user, ssh to the second server and run 1 command with
>> > the only variable being XXXXX.  More convoluted than I want but the safest
>> > method I can come up with to get just the output I need from the second
>> > server.
>> >
>> >
>> >
>> > On Thu, May 22, 2014 at 5:31 PM, Ed Cashin <ecashin at noserose.net>
>> wrote:
>> >
>> > > In general, with this kind of stuff, you want to avoid using the
>> > > shell, so no use of "system" or other library calls that implicitly
>> > > run a shell.  The reason is that most programmers cannot anticipate
>> > > all the corner cases that allow unexpected things to happen when you
>> > > run a shell from your C program based on user data.
>> > >
>> > > But this extra information is making me less certain that I'm coming
>> > > up with the best feedback.
>> > >
>> > > Does it happen to be the case that you're using C because you want to
>> > > create an executable that you will make setuid root?
>> > >
>> > >
>> > > On Thu, May 22, 2014 at 7:12 PM, Robert L. Harris
>> > > <robert.l.harris at gmail.com> wrote:
>> > > > My main goal is to make sure someone doesn't run this command and pass it
>> > > > something like :     "15361; rm -rf ~/*"
>> > > > I will need another version where XXXXX can be any alpha-numeric character
>> > > > too but the main concern is the moron doing something stupid.
>> > > >
>> > > > Robert
>> > > >
>> > > >
>> > > >
>> > > > On Thu, May 22, 2014 at 4:40 PM, Ed Cashin <ecashin at noserose.net>
>> wrote:
>> > > >>
>> > > >> I'm not at a keyboard now, but strtol could do it all if you provide a
>> > > >> non-NULL end pointer. (That will make sense on reading the strtol man page.)
>> > > >> Just subtract the end from the start and compare to 5, after specifying base
>> > > >> ten.
>> > > >>
>> > > >> On May 22, 2014 6:17 PM, "Robert L. Harris" <
>> robert.l.harris at gmail.com>
>> > > >> wrote:
>> > > >>>
>> > > >>>
>> > > >>> Anyone have a very simple C program source that given a command
>> of :
>> > > >>>
>> > > >>> ./Validate XXXXX
>> > > >>>
>> > > >>>
>> > > >>> it will verify that XXXXX is a 5 digit integer and then execute
>> > > >>>
>> > > >>> system( "/bin/touch XXXXX");
>> > > >>>
>> > > >>>
>> > > >>>
>> > > >>> There's much more to it but I'm hung up on this.  Unfortunately
>> I'm
>> > > not a
>> > > >>> C person.
>> > > >>>
>> > > >>> Robert
>> > > >>>
>> > > >>>
>> > > >>> --
>> > > >>> :wq!
>> > > >>>
>> > > >>>
>> > >
>> ---------------------------------------------------------------------------
>> > > >>> Robert L. Harris
>> > > >>>
>> > > >>> DISCLAIMER:
>> > > >>>       These are MY OPINIONS             With Dreams To Be A King,
>> > > >>>        ALONE.  I speak for                      First One Should
>> Be A
>> > > Man
>> > > >>>        no-one else.                                     - Manowar
>> > > >>>
>> > > >>> _______________________________________________
>> > > >>> Ale mailing list
>> > > >>> Ale at ale.org
>> > > >>> http://mail.ale.org/mailman/listinfo/ale
>> > > >>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> > > >>> http://mail.ale.org/mailman/listinfo
>> > > >>>
>> > > >>
>> > > >>
>> > > >
>> > > >
>> > > >
>> > > >
>> > >
>> > >
>> > >
>> > > --
>> > >   Ed Cashin <ecashin at noserose.net>
>> > >   http://noserose.net/e/
>> > >   http://www.coraid.com/
>> > >
>> >
>> >
>> >
>>
>>
>> --
>> Horkan Smith
>> 678-777-3263 cell, ale at horkan.net
>>
>
>
>
>
>


-- 
David Tomaschik
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david at systemoverlord.com
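
Added example, not code from any poster in this thread: the wrapper from the quoted message with the 5-character check applied before anything runs, and with execv() in place of sprintf()/system() so no local shell parses the argument. The names is_alnum_n and build_ssh_argv, the /usr/bin/ssh path and the "user2@Server2" spelling (the archive shows "user2 at Server2") are assumptions. ssh still hands the command string to the remote account's shell, so the whitelist check is what keeps the argument harmless there.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Return 1 if s is exactly n ASCII letters/digits, 0 otherwise. */
static int is_alnum_n(const char *s, size_t n) {
    size_t i;
    if (!s || strlen(s) != n)
        return 0;
    for (i = 0; i < n; i++) {
        char c = s[i];
        if (!((c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
              (c >= '0' && c <= '9')))
            return 0;
    }
    return 1;
}

/* Fill av[] (at least 5 slots) for execv(); remote_cmd is caller storage.
 * Returns 0 on success, -1 if arg is rejected or the command does not fit. */
static int build_ssh_argv(const char *arg, char *remote_cmd, size_t len,
                          char *av[]) {
    int w;
    if (!is_alnum_n(arg, 5))
        return -1;
    w = snprintf(remote_cmd, len, "/home/user2/bin/Test.sh %s", arg);
    if (w < 0 || (size_t)w >= len)   /* truncated output counts as failure */
        return -1;
    av[0] = "ssh";
    av[1] = "-C";
    av[2] = "user2@Server2";         /* assumed de-obfuscated host spec */
    av[3] = remote_cmd;
    av[4] = NULL;
    return 0;
}

int main(int argc, char **argv) {
    char remote_cmd[64];
    char *av[5];
    if (argc != 2 ||
        build_ssh_argv(argv[1], remote_cmd, sizeof remote_cmd, av) != 0) {
        fprintf(stderr, "usage: validate XXXXX (5 letters or digits)\n");
        return 2;
    }
    execv("/usr/bin/ssh", av);       /* assumed path; no local shell runs */
    perror("execv");                 /* reached only if execv failed */
    return 1;
}
```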