Created
September 25, 2014 19:57
-
-
Save pbkhrv/906a682abbf41e772ec5 to your computer and use it in GitHub Desktop.
shellshock research: wrap /bin/sh and log all calls to it to see what is potentially vulnerable
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * rename /bin/sh to /bin/sh.org for the script to work | |
| * | |
| * compile with 'gcc -Wall sh-wrap.c -o sh-wrap' | |
| * | |
| * can do same for bash | |
| */ | |
| #include <unistd.h> | |
| #include <stdio.h> | |
| int main (int argc, const char * argv[]) { | |
| FILE *fp; | |
| pid_t myPid = getpid(); | |
| pid_t parentPid = getppid(); | |
| fp = fopen("/tmp/sh-wrap-out.txt","a+"); | |
| fprintf(fp, "pid: %d, ppid: %d\n", myPid, parentPid); | |
| fclose(fp); | |
| return execv("/bin/sh.org", argv); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment