Hacking - The Art of Exploitation, 2nd Edition

88 0x200

reader@hacking:~/booksrc $ chmod 731 simplenote.c

reader@hacking:~/booksrc $ ls -l simplenote.c

-rwx-wx--x 1 reader reader 1826 2007-09-07 02:51 simplenote.c

reader@hacking:~/booksrc $ chmod ugo-wx simplenote.c

reader@hacking:~/booksrc $ ls -l simplenote.c

-r-------- 1 reader reader 1826 2007-09-07 02:51 simplenote.c

reader@hacking:~/booksrc $ chmod u+w simplenote.c

reader@hacking:~/booksrc $ ls -l simplenote.c

-rw------- 1 reader reader 1826 2007-09-07 02:51 simplenote.c

reader@hacking:~/booksrc $

The first command (chmod 721) gives read, write, and execute permissions to

the user, since the first number is 7 (4 + 2 + 1), write and execute permissions

to group, since the second number is 3 (2 + 1), and only execute permis-

sion to other, since the third number is 1. Permissions can also be added or

subtracted using chmod. In the next chmod command, the argument ugo-wx

means Subtract write and execute permissions from user, group, and other. The final

chmod u+w command gives write permission to user.

In the simplenote program, the open() function uses S_IRUSR|S_IWUSR for

its additional permission argument, which means the /tmp/notes file should

only have user read and write permission when it is created.

reader@hacking:~/booksrc $ ls -l /tmp/notes

-rw------- 1 reader reader 36 2007-09-07 02:52 /tmp/notes

reader@hacking:~/booksrc $

0x283 User IDs

Every user on a Unix system has a unique user ID number. This user ID can

be displayed using the id command.

reader@hacking:~/booksrc $ id reader

uid=999(reader) gid=999(reader)

groups=999(reader),4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),4

4(video),46(plugdev),104(scanner),112(netdev),113(lpadmin),115(powerdev),117(a

dmin)

reader@hacking:~/booksrc $ id matrix

uid=500(matrix) gid=500(matrix) groups=500(matrix)

reader@hacking:~/booksrc $ id root

uid=0(root) gid=0(root) groups=0(root)

reader@hacking:~/booksrc $

The root user with user ID 0 is like the administrator account, which has

full access to the system. The su command can be used to switch to a differ-

ent user, and if this command is run as root, it can be done without a pass-

word. The sudo command allows a single command to be run as the root user.

On the LiveCD, sudo has been configured so it can be executed without a pass-

word, for simplicity’s sake. These commands provide a simple method to

quickly switch between users.