sfl-examples/lecture-demos/setuid/setuid-toctou.c


#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <string.h>
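/*
 * Lecture demo: check-then-use (TOCTOU) race in a privileged file reader.
 *
 * Prints up to 1024 bytes of the file named by argv[1], after asking
 * access() whether the caller may read it.
 *
 * NOTE(review): the access()/open() pair below is the flaw this demo exists
 * to show and is deliberately left in place. access() evaluates permissions
 * against the real UID, while open() evaluates them against the effective
 * UID, and each call resolves the path name on its own. Nothing ties the two
 * resolutions to the same file, so the answer from access() says nothing
 * reliable about the object open() later returns. Do not copy this pattern
 * into production code. The usual remedies are to drop the effective UID to
 * the real UID before open() (so the kernel performs the permission check as
 * part of the open itself), or to open first and then validate the
 * descriptor with fstat().
 *
 * Exit status: -1 (as passed to exit()) if no file argument is given or
 * access() refuses, EXIT_FAILURE if open() or read() fails, 0 otherwise.
 */
int main(int argc, char *argv[]) {
    enum { READ_MAX = 1024 };
    /* One spare byte so the data is NUL-terminated even when read() returns
     * READ_MAX bytes; the original 1024-byte buffer could be printed past
     * its end in that case. */
    char buf[READ_MAX + 1] = {0};
    int fd;
    ssize_t got;
    char *filename;

    /* Without this check a missing argument hands NULL to access(). */
    if (argc < 2) {
        fprintf(stderr, "usage: %s <file>\n",
                argc > 0 ? argv[0] : "setuid-toctou");
        exit(-1);
    }
    filename = argv[1];

    /* CHECK: permission test by path name, using the real UID. */
    if (access(filename, R_OK) != 0) {
        //printf("file '%s' not accessible by user\n", filename);
        exit(-1); // original user lacks permission
    }

    // At the time of the check, the file at path `filename` existed and was
    // readable by the original user (i.e., not just by root). That is no
    // longer guaranteed by the time open() runs: this gap is the race window.

    /* USE: second, independent path resolution, using the effective UID. */
    fd = open(filename, O_RDONLY);
    if (fd == -1) {
        //perror("error in open()");
        return EXIT_FAILURE;
    }

    got = read(fd, buf, READ_MAX);
    close(fd);
    if (got < 0) {
        return EXIT_FAILURE;
    }

    buf[got] = '\0';
    printf("%s", buf);
    return 0;
}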