[ale] C question

Robert L. Harris robert.l.harris at gmail.com
Tue May 27 14:05:57 EDT 2014


How would I tie that in to my program?  I would read it as a function I
would run once I have my input but before I execute the system command but
don't know how to do that in C.



On Tue, May 27, 2014 at 11:59 AM, David Tomaschik
<david at systemoverlord.com> wrote:

> int is_5char_alnum(char *str) {
>   /* Returns 1 if 5 char alnum, 0 otherwise. */
>   int i;
>   if (!str)
>     return 0;
>   for (i=0;i<5;i++) {
>     if (!((str[i] >= 'A' && str[i] <= 'Z') ||
>           (str[i] >= 'a' && str[i] <= 'z') ||
>           (str[i] >= '0' && str[i] <= '9')))
>       return 0;
>   }
>   return (str[5] == '\0')?1:0;
> }
>
>
> On Tue, May 27, 2014 at 10:37 AM, Robert L. Harris <
> robert.l.harris at gmail.com> wrote:
>
>>
>> Here is what I ended up with from a "get this working" perspective:
>>
>>
>> #include <stdio.h>
>> #include <stdlib.h>
>> #include <sys/types.h>
>> #include <unistd.h>
>>
>>
>> int main(int argc, char **argv)
>> {
>>
>>    setuid( 662705787 );
>>
>>    char Command[512];
>>    sprintf(Command, "ssh user2 at Server2 -C '/home/user2/bin/Test.sh %s'", argv[1]);
>>    system((char *)Command);
>>
>>    return 0;
>> }
>>
>>
>> Given that I have something that works, I need to put the data checks in
>> for a character length of 5 alpha numeric.  What changes should I make?
>>  What other 'good to do' would anyone suggest?  I need to have this basic
>> functionality, but I'd like to make it "better" as well but I don't know C
>> other than how to do a "gcc" or read very specific examples.
>>
>> Robert
>>
>>
>>
>> On Sat, May 24, 2014 at 6:57 AM, Horkan Smith <ale at horkan.net> wrote:
>>
>>> You might also want to restrict what a user could do via ssh on the 2nd
>>> server:
>>>
>>>
>>> http://stackoverflow.com/questions/402615/how-to-restrict-ssh-users-to-a-predefined-set-of-commands-after-login
>>>
>>> http://www.wallix.org/2011/10/18/restricting-remote-commands-over-ssh/
>>>
>>>
>>> http://cybermashup.com/2013/05/14/restrict-ssh-logins-to-a-single-command/
>>>
>>> later!
>>>    horkan
>>>
>>> On Thu, May 22, 2014 at 05:37:32PM -0600, Robert L. Harris wrote:
>>> > The reason for the "system" is just to see what value I'm getting out.
>>> >
>>> > I have a perl script doing a bunch of processing which will be run by a
>>> > couple different users.  One aspect of the perl script is to connect to
>>> > another machine and run a command as a specific user.  Instead of having
>>> > others know the passwd, etc.  I have a hostkey set up from my server as a
>>> > non-privileged user to another system.  I want to have the C program setuid
>>> > to the non-privileged user, ssh to the second server and run 1 command with
>>> > the only variable being XXXXX.  More convoluted than I want but the safest
>>> > method I can come up with to get just the output I need from the second
>>> > server.
>>> >
>>> >
>>> >
>>> > On Thu, May 22, 2014 at 5:31 PM, Ed Cashin <ecashin at noserose.net> wrote:
>>> >
>>> > > In general, with this kind of stuff, you want to avoid using the
>>> > > shell, so no use of "system" or other library calls that implicitly
>>> > > run a shell.  The reason is that most programmers cannot anticipate
>>> > > all the corner cases that allow unexpected things to happen when you
>>> > > run a shell from your C program based on user data.
>>> > >
>>> > > But this extra information is making me less certain that I'm coming
>>> > > up with the best feedback.
>>> > >
>>> > > Does it happen to be the case that you're using C because you want to
>>> > > create an executable that you will make setuid root?
>>> > >
>>> > >
>>> > > On Thu, May 22, 2014 at 7:12 PM, Robert L. Harris
>>> > > <robert.l.harris at gmail.com> wrote:
>>> > > > My main goal is to make sure someone doesn't run this command and pass it
>>> > > > something like :     "15361; rm -rf ~/*"
>>> > > > I will need another version where XXXXX can be any alpha-numeric character
>>> > > > too but the main concern is the moron doing something stupid.
>>> > > >
>>> > > > Robert
>>> > > >
>>> > > >
>>> > > >
>>> > > > On Thu, May 22, 2014 at 4:40 PM, Ed Cashin <ecashin at noserose.net> wrote:
>>> > > >>
>>> > > >> I'm not at a keyboard now, but strtol could do it all if you provide a
>>> > > >> non-NULL end pointer. (That will make sense on reading the strtol man page.)
>>> > > >> Just subtract the end from the start and compare to 5, after specifying base
>>> > > >> ten.
>>> > > >>
>>> > > >> On May 22, 2014 6:17 PM, "Robert L. Harris" <robert.l.harris at gmail.com>
>>> > > >> wrote:
>>> > > >>>
>>> > > >>>
>>> > > >>> Anyone have a very simple C program source that given a command of :
>>> > > >>>
>>> > > >>> ./Validate XXXXX
>>> > > >>>
>>> > > >>>
>>> > > >>> it will verify that XXXXX is a 5 digit integer and then execute
>>> > > >>>
>>> > > >>> system( "/bin/touch XXXXX");
>>> > > >>>
>>> > > >>>
>>> > > >>>
>>> > > >>> There's much more to it but I'm hung up on this.  Unfortunately I'm not a
>>> > > >>> C person.
>>> > > >>>
>>> > > >>> Robert
>>> > > >>>
>>> > > >>>
>>> > > >>> --
>>> > > >>> :wq!
>>> > > >>>
>>> > > >>>
>>> > > >>> ---------------------------------------------------------------------------
>>> > > >>> Robert L. Harris
>>> > > >>>
>>> > > >>> DISCLAIMER:
>>> > > >>>       These are MY OPINIONS             With Dreams To Be A King,
>>> > > >>>        ALONE.  I speak for                      First One Should Be A Man
>>> > > >>>        no-one else.                                     - Manowar
>>> > > >>>
>>> > > >>> _______________________________________________
>>> > > >>> Ale mailing list
>>> > > >>> Ale at ale.org
>>> > > >>> http://mail.ale.org/mailman/listinfo/ale
>>> > > >>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>> > > >>> http://mail.ale.org/mailman/listinfo
>>> > > >>>
>>> > > >>
>>> > > >>
>>> > > >
>>> > > >
>>> > > >
>>> > > >
>>> > >
>>> > >
>>> > >
>>> > > --
>>> > >   Ed Cashin <ecashin at noserose.net>
>>> > >   http://noserose.net/e/
>>> > >   http://www.coraid.com/
>>> > >
>>> >
>>> >
>>> >
>>>
>>>
>>> --
>>> Horkan Smith
>>> 678-777-3263 cell, ale at horkan.net
>>>
>>
>>
>>
>>
>>
>
>
> --
> David Tomaschik
> OpenPGP: 0x5DEA789B
> http://systemoverlord.com
> david at systemoverlord.com
>
>
>


-- 
:wq!
---------------------------------------------------------------------------
Robert L. Harris

DISCLAIMER:
      These are MY OPINIONS             With Dreams To Be A King,
       ALONE.  I speak for                      First One Should Be A Man
       no-one else.                                     - Manowar
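
Added example, not part of the original thread and not any poster's own code: one way to run the 5-character alphanumeric check on argv[1] before anything is executed, and to start ssh with execv() instead of system(), which is the "avoid the shell" advice quoted above. The ssh path and user2@server2.example are assumed placeholders, and the setuid() step of the original program is left out.

```c
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_FIXED 8

/* 1 if s is exactly 5 ASCII letters or digits, 0 otherwise. */
int is_5char_alnum(const char *s) {
    if (!s || strlen(s) != 5) return 0;
    for (int i = 0; i < 5; i++) {
        char c = s[i];
        if (!((c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9')))
            return 0;
    }
    return 1;
}

/* Check token, then run fixed[0] with fixed[1..] plus token as arguments, with no
 * local shell. Returns the child's exit status, or -1 if rejected or on failure. */
int run_checked(const char *const fixed[], const char *token) {
    const char *args[MAX_FIXED + 2];
    size_t n = 0; int status;
    if (!is_5char_alnum(token)) return -1;      /* validate before any exec */
    for (; fixed[n]; n++) {
        if (n == MAX_FIXED) return -1;          /* too many fixed arguments */
        args[n] = fixed[n];
    }
    args[n++] = token;                          /* token is one argv entry */
    args[n] = NULL;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execv(args[0], (char *const *)args);    /* absolute path, no PATH search */
        _exit(127);                             /* only reached if exec failed */
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char **argv) {
    /* Assumed placeholders: ssh location and user2@server2.example. */
    const char *const fixed[] = { "/usr/bin/ssh", "user2@server2.example",
                                  "/home/user2/bin/Test.sh", NULL };
    if (argc != 2) { fprintf(stderr, "usage: %s XXXXX\n", argv[0]); return 2; }
    int rc = run_checked(fixed, argv[1]);
    if (rc < 0) fprintf(stderr, "argument rejected or command failed\n");
    return rc < 0 ? 1 : rc;
}
```

execv() only removes the local shell: ssh still hands the command line to the remote account's shell, so the character check is what keeps input such as "15361; rm -rf ~/*" from being interpreted there.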