...
| Code Block | ||
|---|---|---|
| ||
/* Program running with elevated privileges where argv[1] and argv[2] are supplied by the user */ char x[100]; FILE *fp = fopen(argv[1],"w"); strncpy(x, argv[2], 100); x[100] = '\0'; fwrite(x, sizeof(x[0]), sizeof(x)/sizeof(x[0]), fp); /* Write operation to an unintended file like /etc/passwd gets executed */ |
...