Dmitry V. Levin | 38a34c9 | 2015-12-17 17:56:48 +0000 | [diff] [blame^] | 1 | /* |
| 2 | * Copyright (c) 2015 Dmitry V. Levin <ldv@altlinux.org> |
| 3 | * All rights reserved. |
| 4 | * |
| 5 | * Redistribution and use in source and binary forms, with or without |
| 6 | * modification, are permitted provided that the following conditions |
| 7 | * are met: |
| 8 | * 1. Redistributions of source code must retain the above copyright |
| 9 | * notice, this list of conditions and the following disclaimer. |
| 10 | * 2. Redistributions in binary form must reproduce the above copyright |
| 11 | * notice, this list of conditions and the following disclaimer in the |
| 12 | * documentation and/or other materials provided with the distribution. |
| 13 | * 3. The name of the author may not be used to endorse or promote products |
| 14 | * derived from this software without specific prior written permission. |
| 15 | * |
| 16 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
| 17 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| 18 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
| 19 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
| 20 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| 21 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| 22 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| 23 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 24 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 25 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 26 | */ |
| 27 | |
Dmitry V. Levin | 4832134 | 2015-03-31 18:52:57 +0000 | [diff] [blame] | 28 | #include <stdio.h> |
| 29 | #include <string.h> |
| 30 | #include <unistd.h> |
| 31 | #include <sys/mman.h> |
| 32 | |
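/*
 * Issue an execve() whose single environment string ends on the last
 * accessible byte before a PROT_NONE page, then print the trace line
 * expected for that call.
 *
 * Memory layout (three pages from one anonymous mapping):
 *   [p, p + work_len)                    readable/writable, zero-filled
 *   [p + work_len, p + work_len + page)  PROT_NONE guard page
 * The string starts at p + 1 and consists of work_len - 2 '0' characters;
 * its terminating NUL is the byte at p + work_len - 1, immediately before
 * the guard page.  Any reader that runs past the terminator touches
 * inaccessible memory, so an over-read shows up as a fault or a failed
 * read instead of going unnoticed.
 *
 * Returns 77 when the fixture cannot be set up (77 is the conventional
 * "test skipped" exit status in Automake-style harnesses), 0 otherwise.
 */
int
main(void)
{
	/* sysconf() reports failure as -1; do not let that wrap into a size_t. */
	const long page_size = sysconf(_SC_PAGESIZE);
	if (page_size <= 0)
		return 77;

	const size_t page_len = (size_t) page_size;
	const size_t work_len = page_len * 2;
	const size_t tail_len = work_len - 1;

	/*
	 * Keep the mapping as char * so the offsets below are standard
	 * pointer arithmetic rather than the GNU void * extension.
	 */
	char *const base = mmap(NULL, page_len * 3, PROT_READ | PROT_WRITE,
				MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
	if (base == MAP_FAILED ||
	    mprotect(base + work_len, page_len, PROT_NONE))
		return 77;

	/* Zero the writable area first: this supplies the string's NUL. */
	memset(base, 0, work_len);
	char *addr = base + work_len - tail_len;
	/* Fill all but the final byte, which stays NUL from the memset above. */
	memset(addr, '0', tail_len - 1);

	char *argv[] = { NULL };
	char *envp[] = { addr, NULL };
	/*
	 * The empty pathname names no file, so the call is expected to
	 * return.  NOTE(review): errno is not checked here; the line printed
	 * below assumes the failure was ENOENT.
	 */
	execve("", argv, envp);

	/* "%0*u" with value 0 renders exactly tail_len - 1 '0' characters. */
	printf("execve(\"\", [], [\"%0*u\"]) = -1 ENOENT (No such file or directory)\n",
	       (int) tail_len - 1, 0);
	puts("+++ exited with 0 +++");

	return 0;
}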