Thread: Bug in code

    #1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2003
    Posts
    245
    Rep Power
    12

    Bug in code


    #include <stdio.h>

    main()
    {
    system("for i in `cat /etc/samba/smbpasswd|awk '{split($0,a,\":\"); "
    "if ((substr(a[1],1,1)!=\"#\") && (a[1]!=\"admin\")) print a[1]}'` "
    "do "
    "echo -n -e \"SMBUser\t\t\t$i\t\t\"`du -ks /home/$i | "
    "awk '{print (($1*1024)/1000000)}'`\"\n\" "
    "done");
    }
  2. #2
  3. Contributing User
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jan 2003
    Location
    USA
    Posts
    7,145
    Rep Power
    2222
    The if-statement in a bash script requires a "then". Also in bash, if you put more than one statement on a single line, then you need to separate them with a semicolon.

    I would recommend that you get that command to run first as a multi-line script, then as a single-line script. Or better yet, have system() call the multi-line script.
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2003
    Posts
    245
    Rep Power
    12

    I ran that Bash script in Bash without a "then" and it it did run.


    I ran that Bash script in Bash without a "then" and it it did run.

    As for the format, the example below does worked. String concatenation is done by having double quotes around the text.
    A semicolon before an "fi"
    A blank space before a text begin within [[
    A blank space aftera text ended within ]]

    ========================================

    #include <stdio.h>

    system("if [[ `cat /etc/sysparam.conf|grep EnableDHCP "
    "| awk '{print $2}'` = 0 ]]; "
    "then killall dhcpd; "
    "fi");
  6. #4
  7. Contributing User
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jan 2003
    Location
    USA
    Posts
    7,145
    Rep Power
    2222
    Whoa there!

    I just saw that in your reply, you used square brackets around the if-statement's condition, whereas in the original post you used parentheses. Also, you terminated the if-statement properly with "fi", which was missing in the original post.

    Does this modified form also not run in your program?

    The only other question I would have is why you have double brackets instead of just one.
  8. #5
  9. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2003
    Posts
    245
    Rep Power
    12

    reply


    1) I did modified the original code with square brackets around the if-statement's condition, and with "fi" but it does not run.

    2) I tested the code again using single brackets and it does worked.

    system("if [ `cat /etc/sysparam.conf|grep EnableDHCP "
    "| awk '{print $2}'` = 0 ]; "
    "then killall dhcpd; "
    "fi");

    ===================================
  10. #6
  11. /(bb|[^b]{2})/

    Join Date
    Nov 2001
    Location
    Somewhere in the great unknown
    Posts
    5,163
    Rep Power
    792
    lihn, I have a question for you...

    Why do you insist on executing bash code through the system function?

    If you want to do bash, then do bash. If you need the functionality of bash, the make a bash file and call the file through the system function. This does more than just clean up your code and make it a little easier to understand, but it also seperates out the logic.
  12. #7
  13. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2003
    Posts
    245
    Rep Power
    12

    Bash code within C


    I am trying to make the code more secure by converting existing Bash code file into C so that once the user purchase the box and if they hack into it, they will see binary file not bash code where they can easily read the file and do other things.

    Of course, I do know that when you compile a C program that call a Bash command like system("ifconfig"), the ifconfig will showed up as text in the binary executable file making it easy for anyone to guess what 's going on. That is why I write some of the code in C, while some remain as C calling Bash command.
  14. #8
  15. /(bb|[^b]{2})/

    Join Date
    Nov 2001
    Location
    Somewhere in the great unknown
    Posts
    5,163
    Rep Power
    792
    If they are able to hack the box though (unless the root password is easily guessed) then they would most likely be able to figure a good deal out just by looking through the executable or use some other exploit to see what is going on.

    For the most part though, even if they did hack the box and read what the bash script did, it could still be made so that it is obscure enough that they wouldn't know what is going on. You can always make the bash file some obscure name in some obscure directory, etc...

    But, if you really want to break it down like that, then you really need to call as little bash as necessary. Like in the code example you listed, the only thing you should send to the system function is the killall dhcpd command. The rest of it should be done inside of the program. The less you send to the system function the better.
  16. #9
  17. pogremar
    Devshed Novice (500 - 999 posts)

    Join Date
    Jul 2003
    Location
    At Work
    Posts
    958
    Rep Power
    13
    why is using the system function bad?

IMN logo majestic logo threadwatch logo seochat tools logo