Nebula level02
About
There is a vulnerability in the below program that allows arbitrary programs to be executed, can you find it?
To do this level, log in as the level02 account with the password level02 . Files for this level can be found in /home/flag02.
Source code
1#include <stdlib.h> 2#include <unistd.h> 3#include <string.h> 4#include <sys/types.h> 5#include <stdio.h> 6 7int main(int argc, char **argv, char **envp) 8{ 9 char *buffer; 10 11 gid_t gid; 12 uid_t uid; 13 14 gid = getegid(); 15 uid = geteuid(); 16 17 setresgid(gid, gid, gid); 18 setresuid(uid, uid, uid); 19 20 buffer = NULL; 21 22 asprintf(&buffer, "/bin/echo %s is cool", getenv("USER")); 23 printf("about to call system(\"%s\")\n", buffer); 24 25 system(buffer); 26}