📄 1041.html
字号:
int acc_info(char *info,account *user) <br>
{ <br>
char * start = info; <br>
char * now = info; <br>
<br>
/* username */ <br>
while (*now&&*now!=':') now++; /* 这是超级大安全漏洞 */ <br>
if (!*now) return 0; <br>
*now = 0; now++; <br>
strcpy(user->username,start); /* 这会导致buffer overflow */ <br>
start = now; <br>
/* passwd */ <br>
while (*now&&*now!=':') now++; /* 这是超级大安全漏洞 */ <br>
if (!*now) return 0; <br>
*now = 0; now++; <br>
strcpy(user->passwd,start); /* 这会导致buffer overflow */ <br>
start = now; <br>
/* uid */ <br>
while (*now&&*now!=':') now++; <br>
if (!*now) return 0; <br>
*now = 0; now++; <br>
user->uid = atoi(start); <br>
start = now; <br>
/* gid */ <br>
while (*now&&*now!=':') now++; <br>
if (!*now) return 0; <br>
*now = 0; now++; <br>
user->gid = atoi(start); <br>
start = now; <br>
/* name */ <br>
while (*now&&*now!=':') now++; /* 这是超级大安全漏洞 */ <br>
if (!*now) return 0; <br>
*now = 0; now++; <br>
strcpy(user->name,start); /* 这会导致buffer overflow */ <br>
start = now; <br>
/* root */ <br>
while (*now&&*now!=':') now++; /* 这是超级大安全漏洞 */ <br>
if (!*now) return 0; <br>
*now = 0; now++; <br>
strcpy(user->root,start); /* 这会导致buffer overflow */ <br>
start = now; <br>
/* shell */ <br>
while (*now&&*now!=':') now++; /* 这是超级大安全漏洞 */ <br>
*now = 0; now++; <br>
strcpy(user->shell,start); /* 这会导致buffer overflow */ <br>
start = now; <br>
return 1; <br>
} <br>
<br>
int read_password(char *filename,account *users) <br>
{ <br>
FILE *fp; <br>
char buf[1024]; <br>
int n; <br>
<br>
n = 0; <br>
fp = fopen(filename,"rt"); <br>
while (fgets(buf,1024,fp)!=NULL) { <br>
if (acc_info(buf,&users[n])) n++; <br>
} <br>
fclose(fp); <br>
return n; <br>
} <br>
<br>
void main(int argc,char **argv) <br>
{ <br>
int n,i,done; <br>
account ACC[128]; <br>
char username[256]; <br>
char password[256]; <br>
char * passwd; <br>
char salt[4]; <br>
<br>
if (argc<2) { <br>
printf("username:"); <br>
scanf("%s",username); /* 这是超级大安全漏洞 */ <br>
} else strcpy(username,argv[1]); /* 这是超级大安全漏洞 */ <br>
if (argc<3) { <br>
printf("password:"); <br>
scanf("%s",password); /* 这是超级大安全漏洞 */ <br>
} else strcpy(password,argv[2]); /* 这是超级大安全漏洞 */ <br>
<br>
n = read_password("/etc/passwd",ACC); <br>
<br>
for (i=0,done=0;i if (strcmp(username,ACC[i].username)==0) { <br>
salt[0] = ACC[i].passwd[0]; <br>
salt[1] = ACC[i].passwd[1]; <br>
salt[2] = 0; <br>
passwd = crypt(password,salt); <br>
printf("%s %s %s",ACC[i].username,ACC[i].passwd,passwd); <br>
if (strcmp(passwd,ACC[i].passwd)==0) { <br>
printf("login successfully!"); <br>
} else { <br>
printf("incorrect password!"); <br>
} <br>
done = 1; <br>
} <br>
if (!done) printf("invalid username!"); <br>
} <br>
<br>
编译 <br>
gcc -o verify_passwd verify_passwd.c -lcrypt <br>
检验 <br>
./verify_passwd your_username your_password <br>
避免安全漏洞 <br>
buffer overflow是个很严重的安全漏洞,通常您不可使用像char buf[xxxx]的宣告。在这一类与安全有相关的任何程式写作中(不是只有密码,例如像www/ftp/telnet的这一类对外窗口都要算在内),您应该要先检查字串长度。例如以下例子: <br>
len = strlen(incoming_username); <br>
if (len>xxx) invalid; <br>
new_string = (char*)malloc(len+1); <br>
strcpy(new_string,incoming_username); <br>
your_own_operations... <br>
<br>
如此才能避免buffer overflow,万万不可滥做假设,切记切记,连许多数十年经验丰富的老手都会犯这个错误。 <br>
<br>
<br>
<br>
-------------------------------------------------------------------------------- <br>
<br>
与crypt函数相关者尚有以下三个: <br>
void setkey (const char *key); <br>
void encrypt (char *block, int edflag); <br>
void swab (const char *from, char *to, ssize_t n); <br>
一般来说,除非您有特殊需求,你不会用到这三个。 <br>
<br>
<br>
Linux程式设计- 9.PAM <br>
http://www.openchess.org/noitatsko/programming/ (2001-05-24 22:08:00) <br>
<br>
<br>
Linux-PAM stands for Pluggable Authentication Modules for Linux。 <br>
PAM是个可外挂式的认模组。其详细文件一般在/usr/doc/pam-XX中,您也可以在metalab.unc.edu/LDP或Red Hat站中找到PAM-HOWTO。 <br>
<br>
我不准备介绍PAM的使用,在此我将精力放在如何运用PAM的函数库上。您在进一步看下去之前,应当先阅读有关PAM的相关资料,并且先解其运作机制,对它先有个初步解,然後再回来继续。 <br>
<br>
<br>
Linux程式设计- 10.termios/keymap/terminal programming <br>
http://www.openchess.org/noitatsko/programming/ (2001-05-25 07:00:00) <br>
<br>
<br>
termios <br>
<br>
<br>
<br>
int tcgetattr (int fd, struct termios *termios_p); <br>
int tcsetattr (int fd, int optional_actions,const struct termios *termios_p); <br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
-------------------------------------------------------------------------------- <br>
<br>
keymap <br>
我写了一个小程式来专门处理Linux上的keymap,keymap.h及keymap.c。 <br>
在Linux Terminal上,如果您想要设定某些按键返回特定值,您会需要用到以下这些技巧。 <br>
<br>
设定keymap <br>
#include <br>
#include <br>
void setkeymap(void) <br>
{ <br>
struct kbentry KEYMAP; <br>
KEYMAP.kb_table=STATE; <br>
KEYMAP.kb_index=SCANCODE; <br>
KEYMAP.kb_value=VALUE; <br>
ioctl(console,KDSKBENT,&KEYMAP); <br>
} <br>
<br>
STATE为状态键组合 <br>
/usr/include/linux/keyboard.h中 <br>
<br>
#define KG_SHIFT 0 <br>
#define KG_CTRL 2 <br>
#define KG_ALT 3 <br>
#define KG_ALTGR 1 <br>
#define KG_SHIFTL 4 <br>
#define KG_SHIFTR 5 <br>
#define KG_CTRLL 6 <br>
#define KG_CTRLR 7 <br>
#define KG_CAPSSHIFT 8 <br>
<br>
使用方式如: <br>
#define KST_CTRL (1<#define KST_ALT (1<#define KST_SHIFT (1<#define KST_CTRL_ALT (KST_CTRL|KST_ALT) <br>
#define KST_ALT_SHIFT (KST_ALT|KST_SHIFT) <br>
<br>
SCANCODE为键盘扫描码 <br>
<br>
#define SCAN_ESC 0x01 <br>
#define SCAN_1 0x02 <br>
#define SCAN_2 0x03 <br>
#define SCAN_3 0x04 <br>
#define SCAN_4 0x05 <br>
#define SCAN_5 0x06 <br>
#define SCAN_6 0x07 <br>
#define SCAN_7 0x08 <br>
#define SCAN_8 0x09 <br>
#define SCAN_9 0x0A <br>
#define SCAN_0 0x0B <br>
#define SCAN_MINUS 0x0C <br>
#define SCAN_PLUS 0x0D <br>
#define SCAN_BACK 0x0E <br>
#define SCAN_TAB 0x0F <br>
#define SCAN_Q 0x10 <br>
#define SCAN_W 0x11 <br>
#define SCAN_E 0x12 <br>
#define SCAN_R 0x13 <br>
#define SCAN_T 0x14 <br>
#define SCAN_Y 0x15 <br>
#define SCAN_U 0x16 <br>
#define SCAN_I 0x17 <br>
#define SCAN_O 0x18 <br>
#define SCAN_P 0x19 <br>
#define SCAN_LTQUOTE 0x1A <br>
#define SCAN_RTQUOTE 0x1B <br>
#define SCAN_ENTER 0x1C <br>
#define SCAN_CTRL 0x1D <br>
#define SCAN_A 0x1E <br>
#define SCAN_S 0x1F <br>
#define SCAN_D 0x20 <br>
#define SCAN_F 0x21 <br>
#define SCAN_G 0x22 <br>
#define SCAN_H 0x23 <br>
#define SCAN_J 0x24 <br>
#define SCAN_K 0x25 <br>
#define SCAN_L 0x26 <br>
#define SCAN_SPLIT 0x27 <br>
#define SCAN_QUOTE 0x28 <br>
#define SCAN_MARK 0x29 <br>
#define SCAN_LSHIFT 0x2A <br>
#define SCAN_STAND 0x2B <br>
#define SCAN_Z 0x2C <br>
#define SCAN_X 0x2D <br>
#define SCAN_C 0x2E <br>
#define SCAN_V 0x2F <br>
#define SCAN_B 0x30 <br>
#define SCAN_N 0x31 <br>
#define SCAN_M 0x32 <br>
#define SCAN_LSQUOTE 0x33 <br>
#define SCAN_RSQUOTE 0x34 <br>
#define SCAN_QUESTION 0x35 <br>
#define SCAN_RSHIFT 0x36 <br>
#define SCAN_PRTSCR 0x37 <br>
#define SCAN_ALT 0x38 <br>
#define SCAN_SPACE 0x39 <br>
#define SCAN_CAPSLOCK 0x3A <br>
#define SCAN_F1 0x3B <br>
#define SCAN_F2 0x3C <br>
#define SCAN_F3 0x3D <br>
#define SCAN_F4 0x3E <br>
#define SCAN_F5 0x3F <br>
#define SCAN_F6 0x40 <br>
#define SCAN_F7 0x41 <br>
#define SCAN_F8 0x42 <br>
#define SCAN_F9 0x43 <br>
#define SCAN_F10 0x44 <br>
#define SCAN_NUMLOCK 0x45 <br>
<br>
#define SCAN_HOME 0x47 <br>
#define SCAN_UP 0x48 <br>
#define SCAN_PGUP 0x49 <br>
#define SCAN_LEFT 0x4B <br>
<br>
#define SCAN_RIGHT 0x4D <br>
<br>
#define SCAN_END 0x4F <br>
#define SCAN_DOWN 0x50 <br>
#define SCAN_PGDN 0x51 <br>
#define SCAN_INSERT 0x52 <br>
#define SCAN_DELETE 0x53 <br>
#define SCAN_F11 0x85 <br>
#define SCAN_F12 0x86 <br>
<br>
/usr/include/linux/kd.h中 <br>
<br>
struct kbentry { <br>
unsigned char kb_table; <br>
unsigned char kb_index; <br>
unsigned short kb_value; <br>
}; <br>
<br>
#define KDGKBENT 0x4B46 /* gets one entry in translation table */ <br>
#define KDSKBENT 0x4B47 /* sets one entry in translation table */ <br>
<br>
而console为 <br>
console = open("/dev/console",O_RDWR); <br>
<br>
读取按键 <br>
read(console,&c,sizeof(char)); <br>
<br>
-------------------------------------------------------------------------------- <br>
<br>
terminal programming <br>
term.h/term.c是我写来专门处理一些小型的互动界面程式。 <br>
<br>
<br>
<br>
<br>
Terminal指令集 <br>
设定颜色 : </FONT><br>
</TD>
</TR>
<TR>
<TD colSpan=2><FONT
class=middlefont></FONT><BR>
<FONT
class=normalfont>全文结束</FONT> </TD>
</TR>
<TR>
<TD background="images/dot.gif" tppabs="http://www.linuxhero.com/docs/images/dot.gif" colSpan=2
height=10></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></DIV></TD>
<TD vAlign=top width="20%"
background="images/line.gif" tppabs="http://www.linuxhero.com/docs/images/line.gif" rowSpan=2>
<DIV align=center>
<table class=tableoutline cellspacing=1 cellpadding=4
width="100%" align=center border=0>
<tr class=firstalt>
<td noWrap background="images/bgline.gif" tppabs="http://www.linuxhero.com/docs/images/bgline.gif" colspan=2 height=21>
<font class=normalfont><b>所有分类</b></font></td>
</tr>
<tr class=secondalt> <td noWrap width=27%> <font class=normalfont>1:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type1.html" tppabs="http://www.linuxhero.com/docs/type1.html">非技术类</a></font></td> </tr> </table></td></tr><tr class=firstalt> <td noWrap width=27%> <font class=normalfont>2:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type2.html" tppabs="http://www.linuxhero.com/docs/type2.html">基础知识</a></font></td> </tr> </table></td></tr><tr class=secondalt> <td noWrap width=27%> <font class=normalfont>3:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type3.html" tppabs="http://www.linuxhero.com/docs/type3.html">指令大全</a></font></td> </tr> </table></td></tr><tr class=firstalt> <td noWrap width=27%> <font class=normalfont>4:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type4.html" tppabs="http://www.linuxhero.com/docs/type4.html">shell</a></font></td> </tr> </table></td></tr><tr class=secondalt> <td noWrap width=27%> <font class=normalfont>5:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type5.html" tppabs="http://www.linuxhero.com/docs/type5.html">安装启动</a></font></td> </tr> </table></td></tr><tr class=firstalt> <td noWrap width=27%> <font class=normalfont>6:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type6.html" tppabs="http://www.linuxhero.com/docs/type6.html">xwindow</a></font></td> </tr> </table></td></tr><tr class=secondalt> <td noWrap width=27%> <font class=normalfont>7:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type7.html" tppabs="http://www.linuxhero.com/docs/type7.html">kde</a></font></td> </tr> </table></td></tr><tr class=firstalt> <td noWrap width=27%> <font class=normalfont>8:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type8.html" tppabs="http://www.linuxhero.com/docs/type8.html">gnome</a></font></td> </tr> </table></td></tr><tr class=secondalt> <td noWrap width=27%> <font class=normalfont>9:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type9.html" tppabs="http://www.linuxhero.com/docs/type9.html">输入法类</a></font></td> </tr> </table></td></tr><tr class=firstalt> <td noWrap width=27%> <font class=normalfont>10:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type10.html" tppabs="http://www.linuxhero.com/docs/type10.html">美化汉化</a></font></td> </tr> </table></td></tr><tr class=secondalt> <td noWrap width=27%> <font class=normalfont>11:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type11.html" tppabs="http://www.linuxhero.com/docs/type11.html">网络配置</a></font></td> </tr> </table></td></tr><tr class=firstalt> <td noWrap width=27%> <font class=normalfont>12:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type12.html" tppabs="http://www.linuxhero.com/docs/type12.html">存储备份</a></font></td> </tr> </table></td></tr><tr class=secondalt> <td noWrap width=27%> <font class=normalfont>13:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type13.html" tppabs="http://www.linuxhero.com/docs/type13.html">杂项工具</a></font></td> </tr> </table></td></tr><tr class=firstalt> <td noWrap width=27%> <font class=normalfont>14:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type14.html" tppabs="http://www.linuxhero.com/docs/type14.html">编程技术</a></font></td> </tr> </table></td></tr><tr class=secondalt> <td noWrap width=27%> <font class=normalfont>15:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type15.html" tppabs="http://www.linuxhero.com/docs/type15.html">网络安全</a></font></td> </tr> </table></td></tr><tr class=firstalt> <td noWrap width=27%> <font class=normalfont>16:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type16.html" tppabs="http://www.linuxhero.com/docs/type16.html">内核技术</a></font></td> </tr> </table></td></tr><tr class=secondalt> <td noWrap width=27%> <font class=normalfont>17:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type17.html" tppabs="http://www.linuxhero.com/docs/type17.html">速度优化</a></font></td> </tr> </table></td></tr><tr class=firstalt> <td noWrap width=27%> <font class=normalfont>18:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type18.html" tppabs="http://www.linuxhero.com/docs/type18.html">apache</a></font></td> </tr> </table></td></tr><tr class=secondalt> <td noWrap width=27%> <font class=normalfont>19:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type19.html" tppabs="http://www.linuxhero.com/docs/type19.html">email</a></font></td> </tr> </table></td></tr><tr class=firstalt> <td noWrap width=27%> <font class=normalfont>20:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type20.html" tppabs="http://www.linuxhero.com/docs/type20.html">ftp服务</a></font></td> </tr> </table></td></tr><tr class=secondalt> <td noWrap width=27%> <font class=normalfont>21:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type21.html" tppabs="http://www.linuxhero.com/docs/type21.html">cvs服务</a></font></td> </tr> </table></td></tr><tr class=firstalt> <td noWrap width=27%> <font class=normalfont>22:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type22.html" tppabs="http://www.linuxhero.com/docs/type22.html">代理服务</a></font></td> </tr> </table></td></tr><tr class=secondalt> <td noWrap width=27%> <font class=normalfont>23:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type23.html" tppabs="http://www.linuxhero.com/docs/type23.html">samba</a></font></td> </tr> </table></td></tr><tr class=firstalt> <td noWrap width=27%> <font class=normalfont>24:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type24.html" tppabs="http://www.linuxhero.com/docs/type24.html">域名服务</a></font></td> </tr> </table></td></tr><tr class=secondalt> <td noWrap width=27%> <font class=normalfont>25:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type25.html" tppabs="http://www.linuxhero.com/docs/type25.html">网络过滤</a></font></td> </tr> </table></td></tr><tr class=firstalt> <td noWrap width=27%> <font class=normalfont>26:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type26.html" tppabs="http://www.linuxhero.com/docs/type26.html">其他服务</a></font></td> </tr> </table></td></tr><tr class=secondalt> <td noWrap width=27%> <font class=normalfont>27:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type27.html" tppabs="http://www.linuxhero.com/docs/type27.html">nfs</a></font></td> </tr> </table></td></tr><tr class=firstalt> <td noWrap width=27%> <font class=normalfont>28:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type28.html" tppabs="http://www.linuxhero.com/docs/type28.html">oracle</a></font></td> </tr> </table></td></tr><tr class=secondalt> <td noWrap width=27%> <font class=normalfont>29:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type29.html" tppabs="http://www.linuxhero.com/docs/type29.html">dhcp</a></font></td> </tr> </table></td></tr><tr class=firstalt> <td noWrap width=27%> <font class=normalfont>30:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type30.html" tppabs="http://www.linuxhero.com/docs/type30.html">mysql</a></font></td> </tr> ⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -