Oy, apparently it was a rough week for me last week. (Good thing I
wasn't coding.)
After a good weekend of suffocating on (latex) paint fumes (spring _was_
here but then it left), my brain is working much more good now. <sigh>
Thanks for your patience. :-)
Maynard, Chris wrote:
Does this help - in particular the read_from_network() function and
comments I added?
- Chris
#include <stdio.h>
#include <stdlib.h>

typedef unsigned short uid_t;

static void dowork(uid_t u);
static int read_from_network(void);

int main(int argc, char **argv)
{
    int x;

    x = read_from_network();
    /* Squish root (it's not safe to execute dowork() with uid(0)) */
    if ( x == 0 )
    {
        printf("Uid %u not allowed.\n", x);
        exit(1);
    }
    dowork(x);
    return (0);
} /* main() */

static void dowork(uid_t u)
{
    printf("Doing work as uid %u.\n", u);
} /* dowork() */

static int read_from_network(void)
{
    /* I'm a sneaky guy and exploited the fact that the return value
     * is an int, although I know only the lower 16 bits will be used.
     * This is how I can end up "doing work" as root. */
    return (0xffff0000);
} /* read_from_network() */
------------------------------------------------------------------------
*From:* wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] *On Behalf Of *Jeff Morriss
*Sent:* Friday, April 25, 2008 9:34 PM
*To:* Developer support list for Wireshark
*Subject:* Re: [Wireshark-dev] [Wireshark-commits] rev
25171:/trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-umts_fp.c
On Fri, Apr 25, 2008 at 7:49 PM, Luis EG Ontanon <luis@xxxxxxxxxxx> wrote:
On Fri, Apr 25, 2008 at 10:17 PM, Jeff Morriss <jeff.morriss.ws@gmail.com> wrote:
Guy Harris wrote:
> http://www.cs.berkeley.edu/~wychen/cs261/proposal.htm
If Figure 1 is really a problem then my understanding of C just went out
the window...
I wouldn't have got this by myself without the explanation but if you
read the code as:
typedef unsigned short uid_t;
void dowork(uid_t u);

int main() {
    int x = read_from_network();
    // Squish root (it's not safe to execute dowork() with uid 0)
    if ( (x & 0x0000ffff) == 0) exit(1);
    //     ^^^^^^^^^^^^^
    dowork(x);
}
you would have noticed the issue.
I get what he's saying but I just don't get it: why would the compiler
convert from int to unsigned short *before* it has to send the value
into the call to dowork()? E.g., 'x' should be an int until I
(explicitly or implicitly) cast it to something else, non? Actually it
should still be an int after the call to dowork(); it just won't be an
int when dowork() gets it.
Maybe I need to go back to school because I'm feeling very noobish right
now.
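Added example, not part of the thread or of Wireshark's code: the flow discussed above next to a range-checked version, showing that x stays an int through the test and is narrowed only when it is passed to dowork(). The names uid16_t, run_naive and run_checked are hypothetical, the inputs are constructed, and a 16-bit unsigned short with a 32-bit int is assumed.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical stand-in for the thread's 16-bit uid_t, renamed so it
 * cannot clash with a system-provided uid_t. */
typedef unsigned short uid16_t;

/* Returns the uid the work would be done as. The int -> uid16_t
 * conversion happens only here, when the argument is passed. */
static int dowork(uid16_t u) { return u; }

/* Flow from the thread: the root test sees the full-width int, but
 * dowork() sees only the low 16 bits. Returns -1 if rejected. */
static int run_naive(int x)
{
    if (x == 0)
        return -1;
    return dowork(x);               /* implicit narrowing at the call */
}

/* Hardened flow: reject anything outside the narrow type's range (and
 * root) before the conversion, so the test and the callee agree. */
static int run_checked(int x)
{
    if (x <= 0 || x > USHRT_MAX)
        return -1;
    return dowork((uid16_t)x);      /* lossless after the range check */
}

int main(void)
{
    /* Constructed inputs; -65536 is what 0xffff0000 becomes in a
     * 32-bit two's-complement int. */
    const int samples[] = { 0, 1000, 65536, -65536 };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("x=%d  naive=%d  checked=%d\n", samples[i],
               run_naive(samples[i]), run_checked(samples[i]));
    return 0;
}
```

A result of 0 from run_naive() means the work ran as root even though the x == 0 test did not fire; -1 means the input was rejected.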