Hi. New here. I read the rules. I have a question regarding something involving something for a lab assignment in my computer security (hacking) class... don't worry, I'm not asking for solutions -- just help with a small portion of something... I wanted to clarify that first.
I have a program in C (I am still learning the C language btw) and I don't fully understand what is going on with the execl() function. Yes, I read the man page, web pages and also a post on this forum and understand that execl is part of the family of functions that can be used in place of the system() command and replaces the current process image, etc.... but something is still not clear to me, as I will ask about further down this post.
So this is just a simplistic fakey program meant for us to learn how buffer overflows work, and we are supposed to basically run a command called 'chkscore' (owned by games group) (which asks for a name) to get it to overflow the str variable and overwrite other variables to make the program cat the /etc/games.passwd file instead of the /etc/games.highscore file.
(This program works properly as is)
My code:
Code:
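#include <stdio.h>
#include <string.h>   /* strcpy() is declared here, not in <strings.h> */
#include <stdlib.h>
#include <unistd.h>   /* execl() */

int main (int argc, char* argv[])
{
    /* Declaration order is kept as in the assignment. */
    char cmd[1000];
    int loop;
    char str[10];
    char fixer[100];

    strcpy(cmd, "/bin/cat");
    strcpy(fixer, "/etc/games.hiscore");
    printf("This is the High Score Checker for some game\n");
    printf("Please enter your name\n");
    /* The lab's deliberate bug: the 1014-byte limit is far larger than
       the 10-byte str buffer. */
    fgets(str, 1014, stdin);
    printf("About to execute >%s<\n", cmd);
    /* execl(path, argv[0], argv[1], ..., NULL) only returns on failure. */
    execl(cmd, cmd, fixer, NULL);
    perror("Exec");
    printf("Abnormal Error. Exiting High Score Checker\n");
    return 1;
}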
Now I am trying to look at the code (have been for 2 days now) and fully understand what is going on in the program as well as in memory.
My MAIN question for this post is that I don't understand what this command is doing:
Code:
execl(cmd, cmd, fixer, NULL);
I get that the program is using the execl() function and it's executing those variables... I think... It looks like it's calling cmd, which will execute '/bin/cat', but why is cmd in there twice? Then it is specifying fixer, which holds the /etc/games.highscore path, then the whole command is terminated with NULL.
Any help is appreciated.
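The two roles of the repeated argument, shown as an added example that is not part of the original post: the first execl() argument is the file to load, and the second becomes argv[0] of the new program. The helper name `child_argv0`, the use of /bin/sh and the small `printf` script are assumptions chosen so the child can report the argv[0] it received.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: runs `path` via execl() with a caller-chosen argv[0]
 * and captures what the child reports as its own $0. 0 on success, -1 on error. */
int child_argv0(const char *path, const char *argv0, char *out, size_t outlen)
{
    int fds[2];
    if (outlen == 0 || pipe(fds) == -1)
        return -1;
    pid_t pid = fork();
    if (pid == -1) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (pid == 0) {                        /* child */
        close(fds[0]);
        dup2(fds[1], STDOUT_FILENO);
        close(fds[1]);
        /* 1st arg: file to load. 2nd arg: argv[0] of the new image.
         * Remaining args: argv[1], argv[2], ...; NULL ends the list. */
        execl(path, argv0, "-c", "printf %s \"$0\"", (char *)NULL);
        _exit(127);                        /* reached only if execl() failed */
    }
    close(fds[1]);
    size_t used = 0;
    ssize_t n;
    while (used < outlen - 1 &&
           (n = read(fds[0], out + used, outlen - 1 - used)) > 0)
        used += (size_t)n;
    out[used] = '\0';
    close(fds[0]);
    int status;
    if (waitpid(pid, &status, 0) == -1)
        return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void)
{
    char seen[64];
    if (child_argv0("/bin/sh", "/bin/sh", seen, sizeof seen) == 0)
        printf("path=/bin/sh argv[0]=/bin/sh -> child sees %s\n", seen);
    if (child_argv0("/bin/sh", "sh", seen, sizeof seen) == 0)
        printf("path=/bin/sh argv[0]=sh      -> child sees %s\n", seen);
    return 0;
}
```

In the posted program the same `cmd` string is passed for both roles, which is the usual convention: the path that gets executed is also the name the new program sees as argv[0], and `fixer` arrives as argv[1].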