execve

We are having a lot of trouble interpreting our teacher. We asked for clarification and got the following back from him For execve, send it a environment you setup with your exported variables and create a builtin command to spawn a subshell of /bin/bash, that way you can see your exported variables using env. (He is talking about creating our own environment vars here.) Yes create your own. You can start by copying environ when your shell starts and add only exported variables This is related to the following post on Stack Overflow by me (reading this other post will help you understand what

I am wondering how I can pass a file descriptor through the execve() command and then access it on the other side. I know that I can use dup2 to redirect the file-descriptor but I cannot do that. I am required to actually pass the file descriptor to the child and use it in the child. What I have done so far: Parent makes pipe + args like the following: int pfd[2]; if(pipe(pfd) == -1) exitWithError("PIPE FAILED", 1); char *args_1[] = {"reader", argv[1], (char*) pfd, (char *) 0}; Then the child calls execve after fork() like the following: close(pfd[1]); execve("./reader", args_1, NULL); Then,

I have to fill the parameters for: int execve(const char *filename, char *const argv[], char *const envp[]); If I execute this program: #include <unistd.h> int main() { char *args[2]; args[0] = "/bin/sh"; args[1] = NULL; execve(args[0], args, NULL); } the shell is spawned correctly as expected. My problem is that the shell is spawned correctly also if I pass a NULL as second parameter like that: #include <unistd.h> int main() { char *args[2]; args[0] = "/bin/sh"; args[1] = NULL; execve(args[0], NULL, NULL); } So what's the purpose to use the args vector (with the "/bin/sh" + NULL) as second

I am trying to use execve to run the ls command. Currently I'm running it with the following arguments: execve(args[0], args, env_args) //args looks like {"ls", "-l", "-a", NULL} //env_args looks like {"PATH=/bin", "USER=me", NULL} What I expected this to do was run the ls command using my new env_args meaning that it would look up ls in my PATH. However, this code actually doesn't do anything and when I run the code it just returns to my command prompt without output. Using the same args[] I was using execvp and ls worked and searched my current path. Can you tell me what I am doing wrong?

Going through http://hackoftheday.securitytube.net/2013/04/demystifying-execve-shellcode-stack.html I understood the nasm program which invokes execve and was trying to re-write it. Some background information: int execve(const char *filename, char *const argv[], char *const envp[]); So, eax = 11 (function call number for execve ), ebx should point to char* filename , ecx should point to argv[] (which will be the same as ebx since the first argument is the *filename itself e.g. "/bin/sh" in this case), and edx will point to envp[] ( null in this case). Original nasm code: global _start section

I want to make system usable without setuid , file "+p" capabilities, and in general without things which are disabled when I set PR_SET_NO_NEW_PRIVS . With this approach ( init sets PR_SET_NO_NEW_PRIVS and filesystem-based capability elevation no longer possible) you cannot "refill" your capabilities and only need to be careful not to "splatter" them. How to execve some other process without "splattering" any granted capabilities (such as if the new program's file is setcap =ei )? Just "I trust this new process as I trust myself". For example, a capability is given to a user (and the user