[Sudoscript-devel] Hacking on script(1)
Brought to you by:
hbo
Menu
▾
▴
[Sudoscript-devel] Hacking on script(1)
|
From: Howard O. <ho...@nu...> - 2002-04-25 19:29:17
|
Well, I have proof-of-concept code for a mod to doinput() in the linux
script(1) source. I haven't rigerously analyzed it for buffer offset goofs
or anything else for that matter. But I've compiled it and watched my
commands
show up in /var/log/secure as I expected. Here's the code:
doinput() {
register int cc;
char ibuf[BUFSIZ];
char logbuf[LOGBUFSIZ];
char *lbptr;
register int lc;
int line_flag;
lc=-1;
(void) fclose(fscript);
(void) openlog( "sudoshell", LOG_PID, LOG_AUTHPRIV);
while ((cc = read(0, ibuf, BUFSIZ)) > 0) {
(void) write(master, ibuf, cc);
if (lc+cc >(LOGBUFSIZ-2)){
logbuf[lc]=0;
lc=-1;
(void) syslog(LOG_INFO,"%s",logbuf);
}
if (ibuf[cc-1]==13) {
line_flag=1;
} else {
line_flag=0;
}
ibuf[cc]=0;
lbptr=&logbuf[lc+1];
strncpy(lbptr,ibuf,cc);
lc+=cc;
if (line_flag){
logbuf[lc]=0;
(void) syslog(LOG_INFO,"%s",logbuf);
lc=-1;
}
}
done();
}
Howard Owen "Even if you are on the right
Nuasis System Administrator track, you'll get run over if you
ho...@nu... 408-350-4952 just sit there." - Will Rogers
|
