Scribd
Upload
4 views1 page

EnvironmentVariable Ex

Uploaded by

prorrrice
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
4 views1 page

EnvironmentVariable Ex

Uploaded by

prorrrice
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 1

Environment Variables 1

Attacks Through Environment Variables


Copyright © 2017 by Wenliang Du, All rights reserved.
Personal uses are granted. Use of these problems in a class is granted only if the author’s
book is adopted as a textbook of the class. All other uses must seek consent from the author.

S3.1. What is the difference between environment variables and shell variables?
S3.2. In Bash, if we run "export foo=bar", does it change the environment variable of
the current process?
S3.3. The followings are two different ways to print out environment variables. Please describe
their differences:
$ /usr/bin/env
$ /usr/bin/strings /proc/$$/environ

S3.4. In our code, when we use execve() to execute an external program xyz , we pass
NULL in the third argument. How many environment variables will the process running
xyz has?
S3.5. Bob says that he never uses any environment variable in his code, so he does not need to
worry about any security problem caused by environment variables. Is he correct?
S3.6. A program abc invokes an external program xyz using system(), which is affected
by the PATH environment variable. When we invoke abc from a shell prompt, how
does the shell variable PATH in the current shell end up affecting the behavior of the
system() function?
S3.7. Please explain why using secure getenv() is better than using getenv().
S3.8. A privileged Set-UID program needs to find out which directory it is currently in.
There are two typical approaches. One is to use the PWD environment variable, which
contains the full path of the current directory. Another approach is to use the getcwd()
function (you can find its manual online). Please describe which approach you would
like to take and why.
S3.9. In Linux, many environment variables are ignored if the program by the dynamic linker if
the program to be executed is a Set-UID program. Two such examples are LD PRELOAD
and LD LIBRARY PATH. Please read the manual of ld-linux (https://linux.
die.net/man/8/ld-linux) and explain why the following environment variables
are also ignored:

• LD AUDIT
• LD DEBUG OUTPUT

S3.10. There are two typical approaches for letting normal users do privileged tasks, one is to
write a root-owned Set-UID program, and let the user run; another approach is to use a
dedicated root daemon to do those privileged tasks for users. Please compare the attack
surfaces of these two approaches, and describe which one is more secure.

You might also like