From d1ca2c0037807c0663e16d86de76f39621ce155e Mon Sep 17 00:00:00 2001 From: Yan Date: Wed, 4 Dec 2024 12:10:11 -0700 Subject: [PATCH] try this yolo --- .../web-overflow-client/_0/server | Bin 18008 -> 17968 bytes .../web-overflow-client/_0/server.c | 8 +++----- .../web-overflow-client/_1/server | Bin 18008 -> 17968 bytes .../web-overflow-client/_1/server.c | 8 +++----- .../web-overflow-client/_10/server | Bin 18008 -> 17968 bytes .../web-overflow-client/_10/server.c | 8 +++----- .../web-overflow-client/_11/server | Bin 18008 -> 17968 bytes .../web-overflow-client/_11/server.c | 8 +++----- .../web-overflow-client/_12/server | Bin 18008 -> 17968 bytes .../web-overflow-client/_12/server.c | 8 +++----- .../web-overflow-client/_13/server | Bin 18008 -> 17968 bytes .../web-overflow-client/_13/server.c | 8 +++----- .../web-overflow-client/_14/server | Bin 18008 -> 17968 bytes .../web-overflow-client/_14/server.c | 8 +++----- .../web-overflow-client/_15/server | Bin 18008 -> 17968 bytes .../web-overflow-client/_15/server.c | 8 +++----- .../web-overflow-client/_2/server | Bin 18008 -> 17968 bytes .../web-overflow-client/_2/server.c | 8 +++----- .../web-overflow-client/_3/server | Bin 18008 -> 17968 bytes .../web-overflow-client/_3/server.c | 8 +++----- .../web-overflow-client/_4/server | Bin 18008 -> 17968 bytes .../web-overflow-client/_4/server.c | 8 +++----- .../web-overflow-client/_5/server | Bin 18008 -> 17968 bytes .../web-overflow-client/_5/server.c | 8 +++----- .../web-overflow-client/_6/server | Bin 18008 -> 17968 bytes .../web-overflow-client/_6/server.c | 8 +++----- .../web-overflow-client/_7/server | Bin 18008 -> 17968 bytes .../web-overflow-client/_7/server.c | 8 +++----- .../web-overflow-client/_8/server | Bin 18008 -> 17968 bytes .../web-overflow-client/_8/server.c | 8 +++----- .../web-overflow-client/_9/server | Bin 18008 -> 17968 bytes .../web-overflow-client/_9/server.c | 8 +++----- 32 files changed, 48 insertions(+), 80 deletions(-) diff --git a/integrated-security/web-overflow-client/_0/server b/integrated-security/web-overflow-client/_0/server index 999774c48d75fc0635ef82c3747cb4aae75c91da..6c19d8516f87ae1bd65361616cc73ac4e98cb289 100755 GIT binary patch delta 3495 zcmZ`+3s6+o89ry1$L_idyDV_;RoMrRf+?^d$O09;>q1;-G-whsI?)I-nn%@$Q5tNt zu2pR4LPPSKYHZRT;Y%l(`)Y_XaTD{<+ zfsiv8ovm0Uhu<>x`cmfgR=|Wj4x;;Su5^QR*ZN z%Yjqo4fGQjGfSW*$&pAk8wfU;?AFd1;&Zl$8(@nZkEg;tN%7*+e;DnMG3c+2g2F6)cG@ECJ1gHHfZ8 zbT|RchHgZ=5IvWG%5VzN-y%AifX;-^5WQrx4@~D5CBNj%wOlPFM1ZQwrVAzF-Y zYjBUHd+Q0gmhQQQ?WTL$%Z&EGIoCQ0+uRvhtzMNx&YULPoY~`1iI(*Y{JUiABbbvoWHSEI6zrC>piT14x`;``Jkr19aTbnA;aLZCzW)}FSavt!Zb*{@ z)DH{fN?Hh8<&rdq(271@fT*m%8M#*NvxqLj7$VX!ysh$!)AuUUIDm_j_fE_nLA(PY zrIH>P_=fV3$z)1_Kh9Ei-N3wMqaOa8jcQvk)^Xv&-39p@vPhbd{37wDApUg&C-FOc z@j5PxNj#wk+$;j(5EBD-CGmjA(T@{Fch-KZU|vDy-!-`KqaU#~=@`Y);L>b>*zD*0 zpI^t_xO1B9Vtdw#-=m?&#l}hIo2BmWP?!_WJdPt6`nn+c*aCOg{RqC5u3pc+a%l?gxe39+m`>~mUGuFgSkB|+|roa zvhKPUm|rbw-awpZ83JOJ|G_=mS%)7WIJ8-KzK3T3{(vZRq$t7n9`@b=)gF)XQ$#u& zCSwhgxJs9CSBSTdufb-Ihwg&!d9p1<%qy0>f;F;jywNlsi7kuswE8nT9)S^$zhDaU zKlI3w&i6x2OFD0a9u9R*H$}Qjt|R==(mA&ydoEeV&w|I>LQ5d(Z9VRL-Q*2CzOm&A zvblBr(?z-bJ-67`xc0&N#s`+Jn&X=f{kb`CF1Kh^=4YCA6o1g`mo@D?+WNSr?M1r{ z?LoBnO=#LBw6m^injL@fD%?E9XrI5SX-m;Qi#hcq+Usb$(5}NT#Cf#aU`1YG$;m64 z7C>)OpXy{sQyD(z5yJ)GB_Hd0e3~z5+F|%fUY;_7epMoN3XXS91X<%|XRv;pQ%czIcUMZZ6<(=aNKe2AmA_Ps<(<%_Ayj6VoMb=r&MTxTFg8!3 z3a?9fy@b^etxj^}n$k&B-wtl@S9vimQ-7P+y<`2?PX@mR@$mY}4RA7{JTw~A=>4`ZXZmI#B zk(cpQm>a6H`t;=W!In_)PAW(7pk`$y42E{m!%(v*;4+eJ7#D+;9@vhkF>lM=0u969 zqJY)-pzMc3DxywRwEy9 mboIeIpC6~bNO2gf*Dx^$8-iA~M)dy(+-wNa??d_hh5rT2*}Lrk delta 3508 zcmZ`+eQ;FO6~A{svL7U5H@nGu50d@Jhe9E{`B)M{`FNX;W}~r%LYOcLO$L!KAwiO& zl^BtvxGYiDGq&JpCpc}9X*-67Kb$BU=qO~`L6`y}V$&&6g*8s^ z%%1bk?|06*_uYHXeRuoz&p0?1`iz8IiSf{L~lUU=%**) zn9&b$bpJ~4gh8X&?@94c{n|BcFyGV$hfO&!XfnVllLz7^v0x1QWV6*iZM}sM9nrBt zVT&)4xn|Qh6$;IQWaqXjY_iNBj3{$prCCUGsRWlE*n!9lErSU$9rTz5_`sZ+Ha7`1 zz)?g;5e+4wDR2$ZY)fidV-jkH9E$+;h^|XQt?(G4+Yx;>2~C9#iy);Xjp*ehHXZ(i zthPhA&%Pu!1O9;-Q?03K?ZTGhkb};lo;mGUhM}GXFTpnFL!NYW+&QK? z>6w#9b@HoDjd0W%nDss`#DG^N{%z&ai;<6&VsI$Za3K__84iU%!K6mF7SGVkG#N$ksUXcjY}LGVofSjA)M--~z`_6k+gw`u(0J3M32gN)5^UGP&1E-^q& zuv9FZdd-~F$E(mJN^nq|C%>Y?u_{av>K<$he0Tb`BaK5oH#T`?pMh39M%fm>f~PMl z1Qu6}KKT3sd;T4STrTN6BH@~`NX-~dl8bF!{*-H?(uq9J>TQ zcQaiHd)=)tsI&dqb3`Z9uix6XX7l>ZYdtNSJ*_Rzw0Y(h;n4+Ga|>4lt|`hNaRR=& zt|(_wcf}Q@3-uAy`%rJVsVJkUAHSt2sraV*aTCl&ee%DGQjdBUzS26>2CVQssM}DV zMcoBk@*XZ6yP+t4j3(748#}#=@aM$LIPJXUqpZf?i=&Ft2OsC=P|OM}8h{g#-Du(mpJ$M1PEC z`-W{sWeyupe>H?_fYg?`!xhwwQEhS1Nv zNai%|AKqHQ;&a=3%`&&xr<64rDttfD+03xp=c1>;TkL>g>oO{W-G50xXqWLyPyn`~ zVN89qNZ=lsdJD0^lHyFg6~mdHLV8ixN~i5IPns*FAe zU@s9UfnZ6dJ`?i?OYqiGlBE}j8Mc&cllruqTq2I04a+zQ7^+}6Ky)Imn`;Z~^+XV)7Lq{MBG$DyHa93Z)%Bx=$WCj;pRLr=V7Xc%X0)e zjmttVE4f_Bq;wa*R=GNyQf(JFv>aQwPZyWJViJ1G@ZL7ZNr&J-nIN6VZIFS}btGHn z5qyi{(=hWj-bR++{)+XO->wshSyuhHGYWRUW%1pTiu=)KEfucV4KN=`i}+aMvd;j9PMXRO^-9 zM_6O$CTquef1hzV!lX2=^*DL%^kA*^NX3E3 zFukIHE@xc7TycXs@K)Tu{z+M`t*@)B`dNvu#5bqk_rnkM{qcoOl*V9*?6>!&$UJ2q z|0lujyHP|>nN;+YR+9_ijO@4Cv_i$wvkud!^r= zD8kcrmBZ3RG%=g4+J z-2dMLLue%m&IXq1a!aB= 0); assert(listen(server_fd, 10) >= 0); - if (getuid()) - { - assert(setresgid(65534, 65534, 65534) == 0); - assert(setresuid(65534, 65534, 65534) == 0); - } + assert(setresgid(65534, 65534, 65534) == 0); + assert(setresuid(65534, 65534, 65534) == 0); + assert(open("/flag", O_RDONLY) < 0); puts("Listening on port 80."); diff --git a/integrated-security/web-overflow-client/_1/server b/integrated-security/web-overflow-client/_1/server index 3b9a09cf194afed4069839f1750f7241467b2b92..e8ea4ceab84d166a050174da2628fc508259bd91 100755 GIT binary patch delta 3451 zcmZ`+eNa@_6~A|vh252pU3THUr?Ou_g%)=Ck`*etE1>H{sx~2m6O+hHG)bcYqgZXV zt~J|cyI?U#t4Wg?$se(HjMXr00@W1L8Lh2pY?@?f#w6G_Ew(6&nhYxT_1t^k)77+> z*?aE&{mwb}ymRk)?=sv?k9N~u*}lvXBCLs?kfXax4_b$<93#Wl-5>caeK}&*2X-0= z%O)|?C9#P)MUjp_bGewC8$x_=TN(vk0z0T=_h?!kP0Is^=)1YjLZRa<6t>Pn_>tie z-~V$tX%Om@2Cy0*aqhU}S+Veq_^H^T*si_D&!qo8{5L;rHI^tdQB4nz5D$q`8(~-h zoG?B`{|Xn35`@xZ=uF!T6(;$4lME63wWZ1Q3?pdsjm8OR#oV`R@G8cIRaAj={_rX@3LSqhpC4T#P~bX5v!hINRp zMYJ;owZhAYzJzEr13N&ae8o@56}9+k|5t4<(lQ)9 zjAtyz-9*UM9M=t;x85^v(dYf=?2l2{=*Z3Mbcaaf^hv_S>7A|+QS+XGpE?rGf--!- zE=Ox5{@LhvR8>7?npOt&&bp!}Z>eg$d1~jjDYeTT>B-uSc^WK0)Z6U@=A#u_P{n%eTR6`3vbLxR&2oIuErXxa2xi ziw$*E-_a@+%$pc88U5rY?2z-IOY+P}V$m>*oG)2?1V^RD8Lw#ku^ZfD#T}2`kSzyj z8O)PwXccUb%d=&nE7tfiL}dj|%k`lFvsj`LT|{C-8*A=P-$A4?fX^oHP0TJqoQ1Gb zL-+M>QtmexveMxXGnDP@^~a(f`hrEZF_?&*KYwRK{()7Eq!G!xiFX9?ug@`wKjfPi zyDXCUHZsg%hj54?raJ6S;|^a(J5H3`-un%Lc>$S!*Wt#Ge8To5HiFUM)@*{r%)fGqaYS zhJDPg9(CSAoCWrC1jH`?om*~Z3tm8QutQjWfZqVrdyW}WRKf9nHjcp@mrHpSk$CfD zqInWCei=`N7=3ybI$SQg9d^0$%_Yn#VOq{6`Bpw@9gQSflDw?`h=zw?*ySz0iS-|T zaB=*@aO>ju=ivv!@u}8GPx&>3?_W}SE3$LUJo+xU-0id+qVCSuJ;x31z?!w~kCTqh z)lZlB_}EwGS^DTVo0fiK$%<0XTo~{bz_71mMdl?{J&X@@__C_Lk8*BORi8z<7Uh1F zz6n(wL+QAps+su2%kl7(p^RQv)g>r9u%@0sIfk+u92>fud&}~qYU@dad0w^tVo64|$#-XK1 zGN{*KO_7hbLA+=Yjl!RbB-3V0vZH^Z=w^n!!WrV;YBfo~ULLUT!PhWr3h(i10n5wX zREG8C0lFXhaGVb(QO`C%#5M3_@YV*@@3u$HAwFZ@OV&J4>0jziW`y`mRaJH@_`QHh z%pRW~fjjIZ+`|rs2RUv5=%TvZ8NqWu9>wiNf;A zMaqyp#9ZFhj3kFFgJYEv-2-PT1Jnujsyw3uE$meiHRF1D#yldUl=$j-Mv2&9ebu*> zUhRgayJIhS19}?*S}jomN_9YywQH2F!%B?lR6slGm|;tGz&q&+aXO3lSQaQLu@iHl zz^!ny%5D8KM;*jj3|FfCm~3y2r0BOa%~HG0IN63EtKZgi){AF@5*GfB8i{to3pMlU z8}OH!Unu(avg;9RVbshu*vKB}n>~xB!-d%rRe0~`{bJTbbWU29&yYi++Hr7zx7Lk* znfCX2-^cY1)TWi&h>UmH5cjTkZ{xYh#boT6De!Ua?4ISeBS3@F;&Ifm8)Ra>$977y zU9AY)fOd<`Mrp@C;t_b7wpanQ2PLHfS+*j(N3gb<_ZS#s=|j9<4=00x${5pR&!%m% zUUk3L*43})0nNk9;GH8Whcy4}g2Eac(mRLtj5(WChbN&tFC9IoJ{k z*!QOkxBJ<37h66IAbLcrz$02=&V}otfK{){WCm1)Yb_qFcs;N_9K2o1QT+I_)&>LN z?eqZDEeP24VjIHEV67LnAgbqWnM0tBFt8wC(O)QgU}C`{L#`3(8~s-O_~Jhs&otIr zqFOmb;aFqPa{Ip*m}m^b6HPXl(^O&6>j9%{3f_MG*tAVb!a$RXg*nh1w1n!!`VYeO M<{BLOZ!OV0Lr*R6Ue`FYqXl67{TLM#Sh+`FJYP-~rtcIjiFt6v{_f|J# zdS^K2p5O1BbMM}J&wZDH!*t>>?GtUScA2oINW%ignC7jleP7lto;&EaI#3WJUM z0y75HifLk1ZHj6E>*lF8DVNobrmcF_%!hqcu!)+NsIej(r=O-wdsLrkkIXyM9yp}i z?D>BwiI$S+!J^;n7>gd*e_~rl!F9a=vOxsVC_z&n@mEIQzf``!#+foY8es`(?PFEfRm=gq?K`~ z0Zt)$3(;U4x&Uq?nr==^YKlWmkYN^J9im&~PzyYPXgi{N;?P9sFbh&r+>Bn0W0TFDZ(0 z&UkYLEOwM-Z+xIAq3XH)9dk;XE7+Spuzbrg@J@Szv3=Z}*OayzXCxfALnDkjlPkn3EW%LQ1 zkGSR(rKkJJYl##3_@=)mhjgrb2_@UNVN&#Uhfw6EO^ZLgkWIG=A_t&zS!xV+-67d^8c9qMxQf zy_mOX#>8`}V;q5IQG)lxRq|04j#OfbVE4#w|F@U#AksL2zs<~Fn4Kzd5;7$}Jvh`T z)$4S(jqtlAQs*QVIGgpz*KAh1OMAMnTzRx1=a5D6%dc3*c;bXgTt;H*Am6<1JL)37 zt0ml}Cd4Vm$F<-+jtSq5C0zP&@9R}2gv`w{-1y0>Y)`r;aW=R$jj%oa<;;Ih<7w=e zBc1Hbj^jYX&#DLK2HVHp@=-|0sC2xi6>Q}A4iS6k7*-M zp}+;$IsA=6$VW_^W+L)46=x%wSo|(EK3$FPVDVegWqz39QP?>847cJn%8vLAynS(| zJ6T)-`e6S6>;D#lPN#GUkx=zaPxTBgl9L@>-b(?!N5Zr&u6uAao z*A}`7`dqCrqO<;_kNj6r)}iji>2F0nhx#z;7Od)vsM}$0*5fn^$Fl5FBId$HdNm#i#_;K=;;E zd+1g;o?S!x;BK~Hd=<;ZK4i=JPXbI@(rxPwyJ7q~~N-b}1eSCFc=U^vqYNk8fuY0M_`r13&el1VEJ76`Np zE)@8r*yH8fK6cU!wnBjt2o$F3Q!#&_5MLdIX?lT};Q7KAr2*|F7K>vyu?}-j0xc3K zE=`e7vTDzzn9mN)XFY5|9|C)ee3=s-nbWav@-SMI*hoafEpVpLW%(;d?PNL|?iG1) zbu;~f6nl;Fcoeg|;~)g;ke&a-GVwrA!lu8^FVJQ<>R(I$1fTnVFU9uru9hf(o+&yj z>4Ia$k5fHdFBa%xF7vpo;Bpg_(gXb3cyzd=+9|MWIiBY}U0nW}N$4-ZcUQ54UVvjI zf^-RwK?*L{AJb(XaaudBlg!sRjVyn?73eX)O(znQtomu`345Qi_-;wXeQ2}hfr3(j z7C^XEkg7Bv_JL>Z87>Lgz*xGA%WfuNq*UB;lzHPX>DM+kR$iZKGmSmHeOi`5^ta-v zk3IM_n4Ho^W$y{r*uBTvSw7xpTuw15&1xggUpqb6$^=O;sK2l#Rp#+)&}J=@v9tuP zuM`&kh-XN|iO8^|EC)Zq$PLM5Ur;-~YTLFwEz33QYAY&#Ug$0K77uy9_mO@mx~7@Z z2-L|w+rR>urySt_39$ES7}3!L6&=-Tat(~jK8sZ=R4h$Ppu{X|rVO=#(uY;tkKaqy zS|J?h#1get_-wHv9MfLOSel5&R>%U67eA;h zF*j$)e2iuYRhF6`{@(%@(25nD70gwo=2(4*P+L{{@cuDr8#n{uDg`f=aCND= 0); assert(listen(server_fd, 10) >= 0); - if (getuid()) - { - assert(setresgid(65534, 65534, 65534) == 0); - assert(setresuid(65534, 65534, 65534) == 0); - } + assert(setresgid(65534, 65534, 65534) == 0); + assert(setresuid(65534, 65534, 65534) == 0); + assert(open("/flag", O_RDONLY) < 0); puts("Listening on port 80."); diff --git a/integrated-security/web-overflow-client/_10/server b/integrated-security/web-overflow-client/_10/server index d3a4b11c7cdcab5641f2973c6276aca0562565df..3ce782649ce0374c0927c0dfbaec5bd711b56b3a 100755 GIT binary patch delta 3522 zcmZ`+4Nz3q6~1?Of!*bASJ-{;DeMnF5nEsvSXiN=y8>~Y(TY_ZoR}yx8j~g}L}{hf zf>jd9LW4OZ(KMMzrfp)!5|v34XiPD+(M;3ENt2B2Xo8(&imegwC!%6s&%O6O*qHV* z@1A?V@0@ebJNKS_m$RMpNGI)XIT@ss^Qxx&|m8=f>g zkoEsuP8fvxgaNF^2hv}@wd(rX>v=783tx#ovH#>7rail!g&oE`B?Hy;@CfmcHfkdb z%Y@^`N9aG`f>DByNrpz#cJRl^Pshm+!KdCN)Atxj6QCh(5gp-*L&$jIWf+T->Fb;w z?Dxh8DXdLsgbx$uLyCE3?l^j9d1;>cu!RrxPz=chCLX=&VT}|1o_sa}Q-Phnfy3`e6oL?Wk75H3#bc7=%Qcnp4?7ERC0 z#}{l)tBZ7eG4dl-Ro{(E%!i8f@|=h7sA@;ex<_4O@r1KkEYXq?siHjGo7$ed4F@kj9L*~ zaucex4>gxeYvl{(O$?cge0m#p$qs0iJhQH1(J+hDZ&;j%BU06@Uuyi(Tim06+T&A@ zBKxQh=F0(E3R~rZlvzSotnn1I$qJm3D?)FX#S&HMBGNvzE%5d9{TgWu;ERd76SGec z??YG#(C7MppsX+$Z1M1?SxT!BtC~eU^c9P0TQJ&w?%ec-T*RtI(um~Oi8F%u*L6(d z6MXa9FN-Ap5gF!ii*Se`#yadYafipyjuUxPd%smM2ax%9Id1&$r)*E!hcO!5nihy= z{Mh@|H9UGKCs`Pg-g2C?#qK|EGSLJK)lT24@HzOVq z#1286##KjNMYn_hQ3-jQb-!ob$a=&uA8eu3%xse|s}W{>%&h5um}O3zWihkO!YqZE zE$ym&iP=@4&fAEyz>XmxcKLH|xt%R|5y8PN!t!JM2B2OyGo+}3XIEj1%SBt^XD+8Xk6A_Ima~b|$|rRrk?7JfURHlW!$WY^<;}f~ z^&eifxZ{&>-Qtex;g#Wz$+}2a!8L?eESYmBvip*Gy2?#bs6f2xVYQRrjD= zk8(fCnd7Q@31#9HRZYS-UW|t)ALaI&s=5T_My#oaP=1cG6Xi<$h4={NdT7X=UGVCt zs`}8HR43Tjr^%1cNyKmic+0`Q8lT!rs(KJ!&(2m(V?5nxuQ&E#W%1kt^=Bv&YHq|yrIDI0ymYRslZ3~Lobe< za02yg3qo824;XLtKnvaWHgky2*k_kD4-^$H^NuBi_)Jw*cDh)gyy5Hec^~u^ZloRv z7pK9H!2}-PY51+d12+FKt~u_PDAP#8VzZDjZDd8?-Xe!Fk+i|`qD9J(J*0V^7Dkdv zYT;;+M0?=9A|K5Fd$GfqM)snVs2SID7#&1LDe=`EMv2&C;&+=9Cf^{;q&T8{t4;0eu7h7I;n3x0l_rSPP@( z41MQ+;$jfP+B~SI(CCh%y-#NYPK5`Ve8W_!zn23_(wbf zXO+TQCNu;k#g8mokzGev+rWDajIs1S-Z#OCps%Q%X|i|IHd(Kc-)ZaWw|rjO=;cN5 z&XtryntyiBVU3?$lzrUuA9(*U>y>}%{`K5(eL_Y#Ys9cwoUg6WqRtfTY{w1j;2{qe%>es*id=7a%6 z`?Lz|(+YDQ+zk1wdR>ksKykRt;?auN15M%JR4KRNH=MP47znr0gHXQEXV;5u2seYZ zZfHSN&s%MpK&xP2q0gfKp!C4_!bOIeMyRMNwCcwf|7Urus?4%iD~G*sv?^$s`X>m+ ztAg-QwGHN0`z?AsV06{Nsh=O4wn<|!P_1HN4%7rKp>nbQD!5q_q|ZXpy|e!d2Xe#u delta 3535 zcmZ`+Yj9J?72d0d^}xpWBFXn&u=T=DpkT=l8DYxf%8w#i(n7!tZUZ&LBPKj-id~Wh zh7hbK!Zx6sNhZmp9jDVwVA`~H-5-o6B!MYa>MK%$ZBHEmV+TjsIcO&{_7McrtY@(c(mC^HAY(Bh& ztbRh6&C6Nr6!;59%(ds{9mztSkY^WRKBC96&;nS1=vG8O$U-I9hUjaEUdTeH!Y>g0 z6Qap1w6Oo2ea!R%@3;OlK*(*i0JjCL=07Irxw^5&!A{!z`y zL5;kcQBX5l4ac3KSs&s?4EQwSA9m)w4EbawI!8MjE<`))hokZLG3X{JbiF$7657O1 zB|T|X?TkHkSycxxGM)N_M&uwd(t%|b?S8Qd>CXCeG=3gE)5Qdt5}bZ6bQgSwYlNYK+L=DIisF>p&@49CUirW( zS7VN0$|U*u7_5_A&>(uJeT>ybJ@UWdaU2edwbNoc-*=BiEPD{K1#XBzE+5=dh;zXT zsdVy~mBrHLI0Q|S3~x&Fl-D#kS&Jc}vB9>`e=pwwq%na{Mkg-J4vlyld~%3;u78!h z!eB_5;WyLdy?@05r&$mFi)Pgp?u>o**@F!^jVzLPzN8VeiC&Gkgv7{mZ1Z9_v_*VF z57?pw#1ymrwwhSLUu6Q$7~lI98WTt6S~YI`@aJ?-V#AmXZcQU>DSX=Z_q%u+_oT^Q zdS)-;L<5_&gL9ScWA}n{U@59~K1+!wG~%E}9D=n)?!C(>u|*>u(}*KDYw`$&O|D0Q z3$T6QYn709sCbu(mc+k|tc=9d4bkq>G?w{_r8DnG_g}XrFGIky zj#~qVJ*_Zk;Q!!#&mb<{yt8fN_RZTL_qJ^JwzmAF%{#XYuPzw#mo^rEp{l>d1sJ-a zsza#TQmWd4`q!vmM*YKEs(Kyu_in3dE`HNE9)j7ZkNsO!m!jTBhH(;qHP-c;2fdXqW}PjBxs{FpE@E<0<*DC_XkdR71wHM^lpwNLAG;Q?CXAK%l zJsb~Dl?J(9IEwuuIE{AJMGB+wXtCA`wtz?Iu_|mte`RS?pgQma18;=`0XKIBeB}-p zwy)$Q5Q3MDgMxyug%aS)hB5T5GLc!hj5fl<@^Y8aj_y=XB0Z=V%V!0J1(De6(MBMaOLW{T$;bQ3ba%Mko>473> zImN(}4tTxlVa^Cwszh!olch}7Fu8_G`9A)T`3<ggJEgiE7TglNsqpcPozeOCHZp^aXtw4G%0eahqrmGYQA15WBGxwjhKpSa^Jle= zJs)McIdEmJIO+Q=LM|qvz_jWTZWZPFmFkQ%R;-yP!YJXf2s0dW`2fqD| zu|Ku2iQ|&6TnP%jIa=sm_9ufrg%gOLv1sTSy(SmJIVEW4^+Ltcv`6OH6n&_`l1O;G zihJ;9MokYGt&c>Mmc>Kix;i8>W8mPCEn Vwz^u&?Fl$nA2ys^00)$Z{sSR@(9!?^ diff --git a/integrated-security/web-overflow-client/_10/server.c b/integrated-security/web-overflow-client/_10/server.c index f8a1429..1014b38 100644 --- a/integrated-security/web-overflow-client/_10/server.c +++ b/integrated-security/web-overflow-client/_10/server.c @@ -106,11 +106,9 @@ int challenge(int argc, char **argv, char **envp) assert(bind(server_fd, (struct sockaddr *)&server_addr, sizeof(server_addr)) >= 0); assert(listen(server_fd, 10) >= 0); - if (getuid()) - { - assert(setresgid(65534, 65534, 65534) == 0); - assert(setresuid(65534, 65534, 65534) == 0); - } + assert(setresgid(65534, 65534, 65534) == 0); + assert(setresuid(65534, 65534, 65534) == 0); + assert(open("/flag", O_RDONLY) < 0); puts("Listening on port 80."); diff --git a/integrated-security/web-overflow-client/_11/server b/integrated-security/web-overflow-client/_11/server index 53ee741ce398ef2a3cf82605e225979f3ea2eda0..8e77a1a83abadd2b045df794805e8404833f1bc3 100755 GIT binary patch delta 3495 zcmZ`+4^ULc8Q;C*&)s>z9S6MkRJc3-R7im1pPW$9cOJxJMx!PngA+|)M)RkM0iz_? zYCWr$gdQ{`A8Aa|B+!|(b;eqOv=LHMY-hAi)5b|mhICAXPBX#QD5%MxU|+x8eGe|C z-I=%F+u!f^eY>~2-`l;>PI|PHcFWH7E|st%YC?`aU+_!YsEuP})b{+}i>-YrqSXgZ z>I*pHMa!_nA=(s80zQ@^(YDm6{AJFX1)dN4sO0qMDvz%6z#;m6sy#<&>^Z{Mo&!HN z-JkvcLQb26eA)yy^ZjXWKUuJQY2=OIz-j0i>^ZmjP4kVrV7ED6S&TAcc!YRJm^ui< zGU2%SQTh)UH%p+#$1jsNL}-p*O((c;1Q}0)43qIP{VivQ z2fYb?3J)Z%4pB7*je{hs1a_-EX?+Zu05ym%N33pBADZ6M2Maoe;Idr)d?p&mPEGh`H7y$1bY9bj*)n0*Y(Fu@mgR5q_O<2W^3C8NmWSszTW1 zHk3t1+REou*@8KSLnafS&A>i69oi(%q6?Tb%p>Jn9v{L{DY)oWo$tTFBbLlZj6kyN zqj|7GuAsNW4!J1VDYT-G=O8RAa7wOL2P~qCAchD!HklF<;4h1mz1J~s*{DapW~18ak4Da&n_rOg$RcS*@|(m-LHz40oWy7N z;zcfrNqk2S*dhYr5Mu*&#_@my=*NltxwYRRn3s|HcNH%D*k^1_B4aojT$&b$F8+b{ z>ub0h_so*LY|mQpdo=u@*f{Zgv($V6OEQCL12}@=?+M}vTi~vmH{gevS$o5bcvKL( z1#t{}o%j`o9sZ9-$h)li1FI&sAcph7I;v-G+k{)4aC@D(ZT}x`ne%R`%g?KxE6T~` zAGo)^eaBaUdjcJ^4WX{0YY5-Hrr>61|3%Bh`;g^srbQ5Tw+?vTGP!*ZKGysY zX=&a1cz!m2&o1<=d*H6xb$71WSm0R>{n?ptCOdy)+LxMk7=O@Pmo)7x+S*A?JAig4 z+Jk6so6@w4Xct}4G&}y{jktLV(LQ@!)7GGU3UlgVwAavfqTPaDh_h&S!iJnBMaM2{ znh(86ZK8u6O(po8MGO~!mt3rC@oBoKX}$1fPL48)GS7Q3Bc zi^^N%1S2nHyg(GmZqB*kT7g0U9F5bRXyswF_RRs9{Niq+5@Lcebf%lvUIbH zw4;@%1^Y`krxO{i#CuOSOT+=&%brrY_1l~giya0gj5Y$aT%rV&a-SmWS1v=t(vfLO zpcyq5*j4WHPG+l|#?y$GVXP^^Gd@SX~fXY;pgY-b((j_zj#+OP| z;dL>u>sbxqWpPQ_rW6v^w}T73m2Qm7)IZ{NAJ_F(#uYh;jQ3vE7z($4#C?&9lhLzS z;C#O#^B(sd1L~LRFQdk3l8NOO-&x&vt0H`T`i(akt&>fjN8oW7kCjYl_Df0$vaCmT z=U`8Y4&E(fc*7@;rZ0@fvuSNy;HTKD*4Y!gns( zBRuk-c>NKpl`o9=#@ul|A(uI8#$mH@E=gB8zC!;QNzjkIWMhlXiE)M1T}d@Kt0Y>? zG>~5<4>nd^ri1r=_qdrQ%%HroiPAH$OZ7PqCWx>H*;fHe1`Hv3M9;t@dSWhz>#EOY zCb6}rg zbDN8SUdww_)3#@A#dYD%`=?>2FhkD9WRHhOJY*NO5r(}7ZE+1fJ(3h(RUENl7LQw-y-@? zM5764R{sU-xbdJZ$NYtlko#)>?fxIw-l8cRWE|N2k)@AR^+12j{yYsJ_vUOu(%sdB ze3kC{7VYjycIPC!4MGlAMx$FHp))6AE~d_GN2O-`6m~eeoDXMVC#{b9Q218#HC0tl zn{Lm7Y0mPzl@C=lTr;t!Z9;8zhq_bi(g+#IM(0rXoK`HuPI;brGjo^*8FGp0ES z%*mrU`8B5oIPMJ0`Wr69fL9~_W989HkdKyNaHy;PN~o)5I21mONne1hjJM`pL!a=O zsCzn{p{fIznRR_qBa)C9>A*4zb-&q&bXUzpD0~ScRzWNy*SlZyIyF8ye7i;* zg+OM0pk6a}e$Q*ZMyy3*FSJOC)oX5=+68RT?`j9t7eMm6~ZpJpj+o)YsnKY zgT{P-LnhHr$6<|>0rjG1`VdwZi%9=oL_Zu5tETVJ`Mz&?#=<8V*TEgpPfg&G0(1&2 zlM2%AnRza)k2j!ElHpxxo^nuwqg9w9)H&D^`0n)WLK+9~@3F}fvtA=U1g{*Rd;3?& z%M6CkP4K7ba{E;*a5n0}Z`i0>%DOr~`Q*uhoIn=IufAp(6Nx`+#5E*F_VUH+yrWIx z+j_z#Eg=puG44e?$1&mW;|XUxUi)Pl6GrBCIWGM0r)*6+hjBExG>c(#)(-FI4{$fO zO^|lBXNRz(ffuxmbBnEGcf}b<&aQI4#E4BA@oSA}ht=7xc7+j}HR3sqIE1}M-@~-g zwJ2}`whlZ}3HgYL6HG*()o|7$Vew5`e3lm9%HlVm%j7WQldvK58ED31lx^`_c>1zJ zU~xt0gU`QU&wqfB%OzhzBwRDrRWpW@j1%zL z9aX)Ex+A8l9jK3?K7@MHJyjh={p@{JO~E%kjGJIK>a+h<)kUcH;wx=HZNv)SkGci* zMbsUzE%)hyvAe43$7oWWY-6W)A^x108K<4MJe1Y=+cm1Hz3}(kT-l7{=)w4S%fbgX zo}UBFbJJSzqFe{TJa={r7R3qXS(9da-B6XvzIq<~u}`!JZF#x08II)D%7?JD;{7q2 zjiUp74)oLfWHU~ZWMAS`7(-U*+5>Wd-`;_zFl+2w=M7dCxTy_ZE%4J`IEv5NFob^Q zg$k!}|M1of7N6VRV^+AuKBcTFQ0`l7u$f_>&qdFHx5xp**5yEq1_~qxjJ`U0V z_F|C|2o`4u8JIs5zpd}*3sVVWxHvPI4_t~QR zEP*xXL*UgCzxRBO!s+-oeE=;=>||KSt#Go~ZT%NV9b_~Q?w9y*cD(^nj^E~ZJc@Dt z;KVJv6xqoy=EcRNgbjapK%|XuIIxiZ1Fi=CBFESBo}MU(o>L7r+?+?|JWU0-IY*?^ zxGdnZlFL<0$`A2tm1Dpu)pvnI&#{gBba43_CZVSk?`?CObO?@=it;7g22*jmj%6u4 zf^SiL8fLzx2gvfkJYkVW)-;*C#m0B8d6`rU8!c}FK z$Nzg^2(5U**}zg=W{KB_1a;MAkIx^ozJOy8saEk|iPV%?8p^e?ZGsCmWrkA~uupmF Ef51-1B>(^b diff --git a/integrated-security/web-overflow-client/_11/server.c b/integrated-security/web-overflow-client/_11/server.c index d0fc0db..6db2422 100644 --- a/integrated-security/web-overflow-client/_11/server.c +++ b/integrated-security/web-overflow-client/_11/server.c @@ -106,11 +106,9 @@ int challenge(int argc, char **argv, char **envp) assert(bind(server_fd, (struct sockaddr *)&server_addr, sizeof(server_addr)) >= 0); assert(listen(server_fd, 10) >= 0); - if (getuid()) - { - assert(setresgid(65534, 65534, 65534) == 0); - assert(setresuid(65534, 65534, 65534) == 0); - } + assert(setresgid(65534, 65534, 65534) == 0); + assert(setresuid(65534, 65534, 65534) == 0); + assert(open("/flag", O_RDONLY) < 0); puts("Listening on port 80."); diff --git a/integrated-security/web-overflow-client/_12/server b/integrated-security/web-overflow-client/_12/server index 7ea48306caed2e5bf8d8a79334e7d670e47ea5ae..4fd107805789619b4294eafee09242f3240d0689 100755 GIT binary patch delta 3447 zcmZ`+3vg7`89rwp$?lTJE}P`u3uK?6gf^SqJjjwr$X$}iG6Mywv2jEtGon~QHbUCa zf(gY`(@omwALXIUkk0f$OKC8DkW?gTXGA-+Qb(QGK@Cow#umu~v;jhI|8vg0uwZ*K zd;W92@B9CA?m6eb_hht-_IJ@9*|pBC5>`Y_NdL2of9e=@aEy#Pp8Z>~y)Rqz`oKlQ zF`HHN3`?A%Ptl~|&lb}8YLz!^hBXVk5cW{X<h?`xqojvbvAq=Juncx^kdj%E>sqv%$Ob_KGIH|gkkw` z()<|x2+o@&P%SbfEUgf+%FkJ4h~ux(BGWe*NzU%g%$e2wV5# z8O!$85ppTpa~1myxAoT;{eiQthbZiD&&^GERT4ivLby4-*P{|G_X&8>oy^HE!Ut?| zH^e(X9{;wcX|Gx56hT!^Wx=D@HLbILcJJ<4t;HMf&fJ6RG?b6xc=wX$=P*Q~ zth$Ps+If0BJgaHRjtw7b+7R0&9QwQ<@{suCDNMb1_wyT(PS(%HJKsf*ZgA!W{YQoB zt!uZtgCGXs?!1NNEuz!)1=R*YY)9gg^O%hBWXB{9g2Ok$FZ1rCo8fX^?cxZk;yC11 zlywZZl-*R#7t9HqG8zBi8tjpCp+)k|{|J+Yd1QaV;|%mmwex#*{`gfMF>*8FlaM8c zO&&Yc$Yrzuw#%U`hY*WFehBTd0;lCF^%piVMlHsOcMR_+zjgf%AdNHlc;@z%X&1y9 zh$-cC-@rGOyG&GrKh2-lHjR19W;twZ9b-5f+?vghT<{(L z=a=y`?w%!W?95Vp9}PV$4vv){mg+HBlwX_kbDY7@Hw1BvZE$z>K6oSUS-uOR*gS|7_J8!D8}5j3b%UU_5yQj{vU4nH{Be}?Q!9j#oX3( zS3k}Cs!;PP;%s6E5fGdFckbEB2K+06L)(PsJNOMiT`O~>D8cqKtla@iJs#yJh;-J^ zBpfSYbJSG{RJJ5z^KQ+@EYcS z?4DJf@5UNdb$%ARJJvbd5bq9MM)MQPbW=yLwX7oZ_&bLfZU8R@Sl8ii^94;i42Ob2Wen%jgZ@TgA67P>od6E?t$|Kb8N0ij>=+p=ktkERF=OmxQg1mhw!b9T zJcqQy`jVB(uuEkjZz*PyP1eEj5{dT08zo_C0at0R*-a8?C2GU*a?QC!Ml12rbIlTQ zLUZZ2lpg)IW`tuedlN<*23jUj0!mp}k@YK;p<(I9G!bY*jSY69W;~#B8oxHY3}H=) zi_E}CS=eM*2-9W7xVZjuNil9{x>CQ&KX1k1~e+Inm~=qBoo_hzO%aTCPny$ z^&4y!S{MEipTI5pVEND#m6QmwY(#d4U}Y1pabk?6_wl+JMxx=84yI(!rf;f|W53tO zHLm77A2G@y@Gq5=BYJ#xIbnsLRJ6x<t8#p~ z{ur5X97hRYkFAMuCDmO?6}T!TTFf+1SSb%QR!-1?`|dbtW(hJN*KDNpEbLUnuKj5u z?0$CD#gYeuh#u23?wFp4%ixL{b{Kg$nGU6~3cF8FRv$FSqBl~PeRo-Dguz%FJq(pA z!Y(7ZhH*1k>4BYy8tb;sEznvRToJY#FOXiCTCvh(GDB5uvBNmN_>aaDwH5Y6P~|QO zI9?mI-}ui3rfQ?Gxy}ho>mqg|A8>Yc(HpNDr@l#(Fj%KyA`aF^?P{eM{~owfAEhrq I$(@V-3tYLpF#rGn delta 3440 zcmZ`+eNa@_6~A{s+z&zCx(n|;gxzIV zu+|EbtP9c2X)>BgTkK3Hv16xL`iH|v1pkOS?I3onAvTH7VzNYH(3lPp^!42P-r|TP#hpV&I^G zP~48u1N>E*d2KFw#ur|^dn9~?Gp z_Wi$dl4p3y7Hm^dj_` z12B&6BSshWnx!u9EH5?w@Y&t4%(5F!Te6|oVuF5)7sf48{si{PW~(W4n~e|yF|a{l z8(*n#&8BY-6j(*s!EH?liozevD6?UcRZMkj1eaboh{$|Bg9R}Iv|B|uYfVXAl7yO| z2hlM^!%65Y_#DwJTS{tO5^9BPn+R(V-I|2j;YmcB5#5`FroeuiD5oZk=#?Zk4gP?v zzC*aru_Sgbe1sWO>?x`5B%v-ywTrL}(KAVC1}sPPc|x&3U^HdS? zWt#gw+U+y!)*1GG2s_>B^&W+UFZ7MOnY!>IDmDFk@RBp?daw{XX>!(vBRAteRaNyp z^R0!D=_=3L_&`-7)l-M|PpM6waC>TK4k6vy=p1e@ZNf4Pw=e$%>~THjO+&{+6PnW` z&Ud$0a|&oqb)r{tEcrDY2El7+G8?cjT>o|6T-7kUmjBnF0T+OIlAfQ(myWELxt-VbpkGv+a zijX;jLniT$C!s+~hg#7)@4SY`)4maL3XY1E^LFd}>H9om;iHV3;kFnsJhXyGDxoG= zCl$>3%$n565vZ4Bcw1VkL^U{Gi8;cpy}N_|J%9U<#xehWV&=@$Ys6W|k%RQ*t_|`! z1HA#ipO<;yZ&={$J$wJnMzy;v+WO&#j~3(%vPgdU6-$^*{6-_LBQg3iU%b}a+9du` zPq<4)qRY%M)1$CH7S@QzDBI#U@$|)! zZf0>s=!4HcVb8yVu-h$PLnKl?5v`uUNpiET%b(Kj!2!3M9)VxGGpuziDr#NpJ-Y5z{c}4_&V1^p8`40Lw7=Xp2ysb`~Mtl z$`h#vn(}h#UO1k&igv(oo@hRXmE-K9`4%e-*|QuqE`{gYpldJ41p!A3o~W#`GnzNp zSm2=o>?;V+PB@9r*>DN{tSc2x<6hvc5o~^sqr<9ji+vVZQ=r`cltHkxl|0~3c+zBHBx$4( zP8W%^1uhi@qWS6R3A>xJ_*PlN18B46gQ7B#7D22` zl&f?f_Hk$JSuP1#&se&P%T^|#w@hj{&b;wWI`oB16w_sWq={=cFFee28vO;_<%!Fl zo}BdPy|TLmYwXNp?L6=AeJ)3tlqdBbXU?4w9Oa@cnzT1um9Fsk6=<`T!&tf)hL?!5 zzsobE;6N0ZSDsHdFs@4}|AIR4M%%RQ8AVyOW_3m74~qT8{?ac0x85~&jjyPuG!AQ( zfTMGk!c%tge*x^S8bh?-qM`kI4X%JIO297Yg^8tT4=uJSx~ahGP}y|VcHpOywMK}A z4q!<-Dgur~(GBP~WGqEQ6SLWI*mlu__f0l2~<_t*)G>B-`Oi Nb(!J(ayYC!_8%I(#RmWY diff --git a/integrated-security/web-overflow-client/_12/server.c b/integrated-security/web-overflow-client/_12/server.c index ca43484..9664449 100644 --- a/integrated-security/web-overflow-client/_12/server.c +++ b/integrated-security/web-overflow-client/_12/server.c @@ -106,11 +106,9 @@ int challenge(int argc, char **argv, char **envp) assert(bind(server_fd, (struct sockaddr *)&server_addr, sizeof(server_addr)) >= 0); assert(listen(server_fd, 10) >= 0); - if (getuid()) - { - assert(setresgid(65534, 65534, 65534) == 0); - assert(setresuid(65534, 65534, 65534) == 0); - } + assert(setresgid(65534, 65534, 65534) == 0); + assert(setresuid(65534, 65534, 65534) == 0); + assert(open("/flag", O_RDONLY) < 0); puts("Listening on port 80."); diff --git a/integrated-security/web-overflow-client/_13/server b/integrated-security/web-overflow-client/_13/server index 05b1125ac12962cc2faa028ec93916a178241042..47192f00263a47d72f63784e813357705b0f43e3 100755 GIT binary patch delta 3510 zcmZ`+3vg7`89rw>kKHAYUGliQNH)89m|&Ca1_GN<0=p!UWeNqVaiGQm4hR;JM2LkJ zN)Te3*`$O1Si#mA(sA0-0SabXOj>McJA&2Ll!}86O6d4lE0TnV4G_Hj&N=tOiuGjf z`S1C@@Bh!g=bZoEo70{AP$%E%b}h^bGtpGf*rBH;{mOCLAu)E^@zgsN_U=qI>LwQt zM3yD1k!hJzjX6vTE?c=8+iJt|=BBkOyp*aZ*= z_^ODb7Ns7wki+_&?AJaYyY`#MDzv_TtvS&65!?9S{8bxiv$fPS5i&D7#(b=eJDI@p z=%{rK|2LhpY7|a#Q*+Wr3MRXsPIgli*Wx5Me^rn?m6j*Z;c+SK2jfd|({Qqz|4y=f zJ^qvsr=_XQbTV}&W!NSZk082OmevUm+ZnU4>$n$fcve_iu}ZYSW{|Iz20i8gf0zL0Y>zP+vn*6l0z;>~Mv5R`~rJlQ-&+#(c zJ%A&YnP1P?rA+TNj2mwo&o{?C1FjXEHe`*@Y0eL`=<#Drn&aEOVW#IiMnB7nW#^UQ z2exK4Mms);e_z-2SCYq-(e&(^qK9wjdPl?9_AO(2YkssV{cWsMUmnEKuBp$A6Q=eT z^lbK>zI+I`k17!fkxz*hDA7iGH@oU<-w=df5vhu3hKWysb2Qd?IvQ&jjCQ<&pik0_ zoad%rL!ovYj|awdJ=WfIR@eIwKump35xF2f-hs-Cc0IEUbgW@4+VK`Vy2zPZ=-;nY zC$Hb`PKxNIdvlAcTGgQQOR6SCtOxP&ITT|w);^3$F#TdWkb5`pqszH)qwNiMrj(!Z&QnqYfU?_Wli3UtF$FKqKA>>blaNd`m8^wf^gy%Ztc?yqw=mvx%hXnV7;=Y}#yTwAH|iX|@+gItFkG{&Q``NOh`{sG5*blU4LzK(K_+&8!5tw`hCjw_LS zBOPOn(XR5#fbW?%=|*(>d0YGq^5!q+<#t{y5^OSmKMnSf->KN zrQfPw@XdKkCi!L%FU%ufVd;{;p4avL_(3Z!==z(mmxpwH2W-)>uJ49@2lhPdYa_az zhF@&Q;VFZyzN+i=oPxWw!G2puRYz6;LONWj@m=(4 zWdIL3*W?^)7CQl}aU15#vF0#0tR`pAv1-goEt9|J*=c<5nX$zC!h&f1#HVPSk!MQ4 z<2F9ZOpPdEp$XD*Xl%3zns8xQ(&>h%50*0*vN|?Jv*;mMZ zuIQ<)Iw`%tlF8bP-OnQbw0y)B>L+C1Ep>aRC6znHK@5k@RHXegj=^~R_FWSdE{`Xe z*QM_u@sKum2pX5g&1|>%jv2lyJ<3-eefVae1YG!IK7}U%6D^OHhcr(Rte8=Jg^0FN z_DD>y{C?TD(6LaUvRx>}Z!`APEQvoD^P1oGvcwVPdGc3lo_$7q@p&VfJgBe-W#qre z{*>rFADQvZwUc_rh9ql6+9J=AoUp`a8b2eQ4r7)AjKrFlAGL-nn@+A8jaLW_mDad> z7S{~%p8LOk)GF$u$31Hq=L57U9B}PUQDJxEr6gJ|^#VO;6x>0h4rkESaKK@f;czNV zj!d)rj9T?kOC)r&a@+7Y5^XW{Mz-?3R5Lr^GHa_Jn<3gx+62^Gw}n{>t)t%A0lWG9 z*hM3==kRY+OQpHk)BCI17Vn#8^U delta 3507 zcmZ`+4Nz3q6~1qO*dIW4WtX=PVOa!>R$&2GR}AP|e#$bVtwwQl8WU_ZYWx8!OiZI= zt!&c`(z-cKCpvA1blNF)+9^t=br?<1Y5i$h)ER4xlSG`+bcse6V_K@{>v!LKt6MU? zGkeZG=R4=z!@cL+cj?t@f*7%UDYv1dhAM>EtaK8F>(t2 zkZjhZBxepy7QoW@v{aK>jjT;{?l5X%IqeZdr$@K)=%|Md3Fn;EMVd`@k>*=XQN#07 z|6fF=M`T8_8=rH1cEj@5^>;QWo;lKb>P+wU$o*pvy|mLfUCKw$$JsF-`<~!nT<4|Z z#!bQqT{DU#n>^$(duXL;2ldsO=%Q(s@PUe)H+kMLd(4v%!AFM;+0=(|^ z3A3LPFu!he(V*GW?@RLu#`WvksoK&`hb{RuXfe@{#YYK?r(_Ik^3CeV-DqRXzzjSo zjKo4&<$U)hQK?mwoT{u5hb*fTzU}$6+A3yxH9)04+5^pWJ%R-~19e+PI%dttoR^|C z(Q#;RK^sodrqSon=GihbSEgvKly4Jh5wsgpw02qy?M`TSq-Zl}mray1Q!@Ht3YtZ~ z2dWo{YV%eKI+;F3#0+~zW^antMVWSys-ZoaqRpWiXg5Q9CPnL^Eztf9+RG{0T>3e* ze}gujqRs2SV1HnG!!gzRSs7z@m6DtNUvnH3GB!v^?C!|YM~bq)KjB;}1c1Fci?OVN zdd9xU^4^EsJwc94katly+v{#AkXiWjiG-K4)7!xm_cQcrc9-knOf1ro-5ieIh<{g6 zlvC!LGbz_qRlMqT@B;m=p}fpri8nwaGz#%^1(#+?HX{1 z0y!mtW=+`n6{~6ucmcr3H3JsuiX^ZImY+x6IbRnJ(#4#*8Q+Fg7)x$}S!A$d_7khc z8gdjVv-l?uXpP5B&7v>QrF&$3#p98UVq)!-Q)oXP^6-5%WcibjeRNy&3rooB2?#4_ znWt2!rahh(`D3f*Q3sE3WUxK(zuWabV8r{!*u;%Eq5;RKPzngI^{TZ0wTjy zzs)Aq@0ZDd(;px8G7X6WxmksC9{z+ML1Y-&;3N*xro2}RKfQWn1;@{Hre8nZ)zg6?k)BOL!{Wrj5qMPZ7o5bDPaBK34zJbdYnf{UcRlo-GAwK^# zg}q+s5;W06c=sW-o9?@#;xmpty_I0<)%_}csjGitkU3LAIqWlgU@RQq$auGa`P?S#a zwcu}o=Z-4ME%5Zaijsl9v35P#AJ@OQxXffu8(FM}GF z4{ug)aq!E!9KSz9hy7DWF=#!0<;bFs+{HyzM?Y7T9{49m9wt1WX~<`kD;p*`eqgA} zOf$qYEa(A_{|di<)3)M*8aHaq&p+NtE8{dHH}gPs9lv7q(R)04635hsAODJ_B7^1?8Y#O#N z7d+(jUo{RoWxN_n$WcCw(4*y|YT-88n1hy9xQ%wWbDqw6z#FCWPFW3_N{lRvwb9`U zQRt+z6@J`F&Pum2oArW=0;3QlH{yjV@sO#^F^bGe+bUm{`t-M5G8Vtw4Tv>N!fX+H zD9!du4*da^wArHDETJ{9Ve|@Yd_}SfCqMH8kObyr<#b{;&t??VL4^TPN z#Dywe3N-nwOQMB1D}nKB_XI?tg$@K33h&d0fj>ye<5Fu0<{?;4HaJ)(y*=kC!ARHU zh(fMPOI2E{($$d81EWJHflrG_vCu4Ws z$&*zNwE{64=C$C81$?;z^(C@^yuf9to3txrpdRv+PjE!81@bnb@Ium2WQ9i zRr!mA4}O*MaZ+9H1C@?&Dm~CwoVa&Ja#o3wXwv?|Mz^f`FM!NPAxDL|bZwrP{tY!k z1`?5JN>vHIqQLs)syjk9-o+go*UEC^qNduq=PS!9%jWc#J^ik+Ke3=i5aP5{_B;F1 zWHn?TJ~DjdQw-W6i>yjRddn@K3$owt(EAXbXAjM_$+{?0Qz-bjNqcbn@XS;y7XR2Q`M>fO;xQAm&f z?V+=flHKJXTYb=$><$k#)dwG6E>`{c#wb>=;MRyW1Z^v;w9H= 0); assert(listen(server_fd, 10) >= 0); - if (getuid()) - { - assert(setresgid(65534, 65534, 65534) == 0); - assert(setresuid(65534, 65534, 65534) == 0); - } + assert(setresgid(65534, 65534, 65534) == 0); + assert(setresuid(65534, 65534, 65534) == 0); + assert(open("/flag", O_RDONLY) < 0); puts("Listening on port 80."); diff --git a/integrated-security/web-overflow-client/_14/server b/integrated-security/web-overflow-client/_14/server index 05b1125ac12962cc2faa028ec93916a178241042..47192f00263a47d72f63784e813357705b0f43e3 100755 GIT binary patch delta 3510 zcmZ`+3vg7`89rw>kKHAYUGliQNH)89m|&Ca1_GN<0=p!UWeNqVaiGQm4hR;JM2LkJ zN)Te3*`$O1Si#mA(sA0-0SabXOj>McJA&2Ll!}86O6d4lE0TnV4G_Hj&N=tOiuGjf z`S1C@@Bh!g=bZoEo70{AP$%E%b}h^bGtpGf*rBH;{mOCLAu)E^@zgsN_U=qI>LwQt zM3yD1k!hJzjX6vTE?c=8+iJt|=BBkOyp*aZ*= z_^ODb7Ns7wki+_&?AJaYyY`#MDzv_TtvS&65!?9S{8bxiv$fPS5i&D7#(b=eJDI@p z=%{rK|2LhpY7|a#Q*+Wr3MRXsPIgli*Wx5Me^rn?m6j*Z;c+SK2jfd|({Qqz|4y=f zJ^qvsr=_XQbTV}&W!NSZk082OmevUm+ZnU4>$n$fcve_iu}ZYSW{|Iz20i8gf0zL0Y>zP+vn*6l0z;>~Mv5R`~rJlQ-&+#(c zJ%A&YnP1P?rA+TNj2mwo&o{?C1FjXEHe`*@Y0eL`=<#Drn&aEOVW#IiMnB7nW#^UQ z2exK4Mms);e_z-2SCYq-(e&(^qK9wjdPl?9_AO(2YkssV{cWsMUmnEKuBp$A6Q=eT z^lbK>zI+I`k17!fkxz*hDA7iGH@oU<-w=df5vhu3hKWysb2Qd?IvQ&jjCQ<&pik0_ zoad%rL!ovYj|awdJ=WfIR@eIwKump35xF2f-hs-Cc0IEUbgW@4+VK`Vy2zPZ=-;nY zC$Hb`PKxNIdvlAcTGgQQOR6SCtOxP&ITT|w);^3$F#TdWkb5`pqszH)qwNiMrj(!Z&QnqYfU?_Wli3UtF$FKqKA>>blaNd`m8^wf^gy%Ztc?yqw=mvx%hXnV7;=Y}#yTwAH|iX|@+gItFkG{&Q``NOh`{sG5*blU4LzK(K_+&8!5tw`hCjw_LS zBOPOn(XR5#fbW?%=|*(>d0YGq^5!q+<#t{y5^OSmKMnSf->KN zrQfPw@XdKkCi!L%FU%ufVd;{;p4avL_(3Z!==z(mmxpwH2W-)>uJ49@2lhPdYa_az zhF@&Q;VFZyzN+i=oPxWw!G2puRYz6;LONWj@m=(4 zWdIL3*W?^)7CQl}aU15#vF0#0tR`pAv1-goEt9|J*=c<5nX$zC!h&f1#HVPSk!MQ4 z<2F9ZOpPdEp$XD*Xl%3zns8xQ(&>h%50*0*vN|?Jv*;mMZ zuIQ<)Iw`%tlF8bP-OnQbw0y)B>L+C1Ep>aRC6znHK@5k@RHXegj=^~R_FWSdE{`Xe z*QM_u@sKum2pX5g&1|>%jv2lyJ<3-eefVae1YG!IK7}U%6D^OHhcr(Rte8=Jg^0FN z_DD>y{C?TD(6LaUvRx>}Z!`APEQvoD^P1oGvcwVPdGc3lo_$7q@p&VfJgBe-W#qre z{*>rFADQvZwUc_rh9ql6+9J=AoUp`a8b2eQ4r7)AjKrFlAGL-nn@+A8jaLW_mDad> z7S{~%p8LOk)GF$u$31Hq=L57U9B}PUQDJxEr6gJ|^#VO;6x>0h4rkESaKK@f;czNV zj!d)rj9T?kOC)r&a@+7Y5^XW{Mz-?3R5Lr^GHa_Jn<3gx+62^Gw}n{>t)t%A0lWG9 z*hM3==kRY+OQpHk)BCI17Vn#8^U delta 3507 zcmZ`+4Nz3q6~1qO*dIW4WtX=PVOa!>R$&2GR}AP|e#$bVtwwQl8WU_ZYWx8!OiZI= zt!&c`(z-cKCpvA1blNF)+9^t=br?<1Y5i$h)ER4xlSG`+bcse6V_K@{>v!LKt6MU? zGkeZG=R4=z!@cL+cj?t@f*7%UDYv1dhAM>EtaK8F>(t2 zkZjhZBxepy7QoW@v{aK>jjT;{?l5X%IqeZdr$@K)=%|Md3Fn;EMVd`@k>*=XQN#07 z|6fF=M`T8_8=rH1cEj@5^>;QWo;lKb>P+wU$o*pvy|mLfUCKw$$JsF-`<~!nT<4|Z z#!bQqT{DU#n>^$(duXL;2ldsO=%Q(s@PUe)H+kMLd(4v%!AFM;+0=(|^ z3A3LPFu!he(V*GW?@RLu#`WvksoK&`hb{RuXfe@{#YYK?r(_Ik^3CeV-DqRXzzjSo zjKo4&<$U)hQK?mwoT{u5hb*fTzU}$6+A3yxH9)04+5^pWJ%R-~19e+PI%dttoR^|C z(Q#;RK^sodrqSon=GihbSEgvKly4Jh5wsgpw02qy?M`TSq-Zl}mray1Q!@Ht3YtZ~ z2dWo{YV%eKI+;F3#0+~zW^antMVWSys-ZoaqRpWiXg5Q9CPnL^Eztf9+RG{0T>3e* ze}gujqRs2SV1HnG!!gzRSs7z@m6DtNUvnH3GB!v^?C!|YM~bq)KjB;}1c1Fci?OVN zdd9xU^4^EsJwc94katly+v{#AkXiWjiG-K4)7!xm_cQcrc9-knOf1ro-5ieIh<{g6 zlvC!LGbz_qRlMqT@B;m=p}fpri8nwaGz#%^1(#+?HX{1 z0y!mtW=+`n6{~6ucmcr3H3JsuiX^ZImY+x6IbRnJ(#4#*8Q+Fg7)x$}S!A$d_7khc z8gdjVv-l?uXpP5B&7v>QrF&$3#p98UVq)!-Q)oXP^6-5%WcibjeRNy&3rooB2?#4_ znWt2!rahh(`D3f*Q3sE3WUxK(zuWabV8r{!*u;%Eq5;RKPzngI^{TZ0wTjy zzs)Aq@0ZDd(;px8G7X6WxmksC9{z+ML1Y-&;3N*xro2}RKfQWn1;@{Hre8nZ)zg6?k)BOL!{Wrj5qMPZ7o5bDPaBK34zJbdYnf{UcRlo-GAwK^# zg}q+s5;W06c=sW-o9?@#;xmpty_I0<)%_}csjGitkU3LAIqWlgU@RQq$auGa`P?S#a zwcu}o=Z-4ME%5Zaijsl9v35P#AJ@OQxXffu8(FM}GF z4{ug)aq!E!9KSz9hy7DWF=#!0<;bFs+{HyzM?Y7T9{49m9wt1WX~<`kD;p*`eqgA} zOf$qYEa(A_{|di<)3)M*8aHaq&p+NtE8{dHH}gPs9lv7q(R)04635hsAODJ_B7^1?8Y#O#N z7d+(jUo{RoWxN_n$WcCw(4*y|YT-88n1hy9xQ%wWbDqw6z#FCWPFW3_N{lRvwb9`U zQRt+z6@J`F&Pum2oArW=0;3QlH{yjV@sO#^F^bGe+bUm{`t-M5G8Vtw4Tv>N!fX+H zD9!du4*da^wArHDETJ{9Ve|@Yd_}SfCqMH8kObyr<#b{;&t??VL4^TPN z#Dywe3N-nwOQMB1D}nKB_XI?tg$@K33h&d0fj>ye<5Fu0<{?;4HaJ)(y*=kC!ARHU zh(fMPOI2E{($$d81EWJHflrG_vCu4Ws z$&*zNwE{64=C$C81$?;z^(C@^yuf9to3txrpdRv+PjE!81@bnb@Ium2WQ9i zRr!mA4}O*MaZ+9H1C@?&Dm~CwoVa&Ja#o3wXwv?|Mz^f`FM!NPAxDL|bZwrP{tY!k z1`?5JN>vHIqQLs)syjk9-o+go*UEC^qNduq=PS!9%jWc#J^ik+Ke3=i5aP5{_B;F1 zWHn?TJ~DjdQw-W6i>yjRddn@K3$owt(EAXbXAjM_$+{?0Qz-bjNqcbn@XS;y7XR2Q`M>fO;xQAm&f z?V+=flHKJXTYb=$><$k#)dwG6E>`{c#wb>=;MRyW1Z^v;w9H= 0); assert(listen(server_fd, 10) >= 0); - if (getuid()) - { - assert(setresgid(65534, 65534, 65534) == 0); - assert(setresuid(65534, 65534, 65534) == 0); - } + assert(setresgid(65534, 65534, 65534) == 0); + assert(setresuid(65534, 65534, 65534) == 0); + assert(open("/flag", O_RDONLY) < 0); puts("Listening on port 80."); diff --git a/integrated-security/web-overflow-client/_15/server b/integrated-security/web-overflow-client/_15/server index 090175498ded97da974f3c0bd3bf021b0f6d863f..779ebcb47745a58b0c626f7d23a16b80d554dda0 100755 GIT binary patch delta 3414 zcmZ`+4Nz3q6~1?uh252(U6$p&RoGovsA~c&KdTE=bXOp*Ee37GArn(!Cg!Kc2vu5b zwP4Mrvt8(r9MX`#8R&FcnXweYv=LfUY&%*rrg1V!hC~ywOF3li2uPsq^ItA1&oFmsGdn4f;X$kd-EX8mBL zzEHVA%rr?XVop&c;?Gzp=EkZZA1q0|z`byUN>;b3E}5QF5rs81poijmqJ!)z2t`^FO+sOCAUzj7fJ`!32*+wC!_m{|^eI?t zf1&aQ7Hag&ly6Z{Vv!w}6lDw@u%#~xA`^*Ep2W%vcRkyLbgXtU9DNrpy1KnFdQ}r@g>lI} zs1_M-E4!ujb-|p#kjd1C3vfiXL!0DYk*->#eaT`GhNS8hf5xI>9*1vmkHxn<4nnHz zqxZr(*-y8@KDm%qLciP;ykHa-)o2lpjPLi~o~^S;qrZ>m@65xHAkIO^;iu1ye8+L0 zj{4yB70cUmv4&X;<6p2C_6K5-ix+RD--s-ddL(ZrX0W)C_}Ax{vLErSid+#X`v@84 zaIbKP5ym_0OyG8}pdBZ?OFO+!FwZ0N?+V=J$q(5ML?$sB+=yO?Wqm*Qi)(oH4lj~+ zc0x-qwy}rBF){F?QDrfJH+w_I`xwI5w*)iD_Oq+%4E!M5*?x=>y9IGb5RvYm~_=z*q=w((h!&WxQH1kQrR5-SImRHeV(Qp7JoH_XmSni?io1*WA8a72g z4{ZxY7aPJ|h1U?iuWr@N@X=}G)SKXRHPb@qaJ9VRzNmBg9)7&}5wf>s*Aw1cKF%$0 z*YEsBP5r%f_pfrVh4*r^VLsP;|Maw?9LERhyrL*?qs*FBlqXTvq3lJen^Tl&lvhzE z;}e(Q=_x?jbX`&EP}XA!J&N)i%1)GP@rCd<$~rjcSxLL0-(zzepHUP{9B+Bp*Wj-l z*X@HhJRZl;r;5^z7FuIpP8LBbnDSh@OS5oSo>O=88hkC!X-LKbnt?re61@bGJP$30 zfxL~h3Fh)7Ln9{HHe$`ckYp{+2y$<0R7t>E=(G0VTbDHl@9`o5TMJ!OhSowKzDfFV zoC&8;&$2$qHSlEc)(Eu7W$iEq`HX!YS#v{4QGL#AQjpISMPbK+UjvxL?D6>^^cOus z-4H6Z!MH8~+`hlSZ*^|46i?!sbHx&68a6Bw6PZ;khy_|pzw78$?_-)f_CD94 zw{f6l5+&d$^EqVo(xmCI5@R~W(2P1pILLH7K~ATrN@FM~u@WzwDr51?VJ}0DUvg+y zFjY~#tYonKBdcA-G&Tp10wpZkBYugt!1Mm~^i_Dz|7(Y~o9yz#S_n1Mbr#YC{i|2f zM7X?Kq7L2{@qQEQp`$z@C0Cb5I@H~_LCzW%`eoWbsymhXdyCQRD;~R*8LHW zK{`HrPnN)E)T4Ti+fD)vNSkI*$EuTw@ebQX)pnOd*!t8fYAQ-A{t>sp6V%1Bp*bKq zijie2vReXcyLgX*F_u2S`&Kv=@RdZECVMt@PqiZZow}}e_x7nCUWS}<$uXe%XV(wb z_(4TE$UXmw_wTUY@lVaamOHLb$P8!o7&eP@r9H^;b?RfJz%Z_oi!+uJ?b4~5l1i{v zNVJIQfVV;(X{?x`BM*G_q@LBsh`hdu((`aI=(F}F3b(!ZIbkgmMiCuU3vN)Y!?kcd z=re0&IGY5ep*1GATB~ko4F#4ew*$YmtTn=DsGasf#Ri{MtF3X|4A#2gAfj5{w%7z( z4Wk=;Chh&v19KZT(o(3X_L;QP>xb6rfT>Tdi9Q&{+0s8IFjpObM{6ulUQ=w+ssUrG k2`s&9Eb11`!f1_xRXAE3Fa;~b>f7OZZGiq1O72ZQUCw| delta 3391 zcmZ`+4Nz3q6~1?WV0Q)C=PtbW5O$Zp1cR{rEF!7sTYk#YA*n`jaHD2R|~A6Buxr|K)rs+ ztVvN$?3zrG#j$C=CX)(9o9Ntb)WkwKL`6Z;tt1_l-~>GdRI_48*{S!Vy`c zaL!h5G2~lBS>Uop?25uCY}wOci$zRyX#l4lIE0#9JwiO{4A5f{;iM%Yab=9w1gB6t zh1x)jHV$r~HqDxl*chX=K)O|gdepYWXl?KeYWJgdZ;Unp4p>DwF{Yw7W6&h{4Wjx1 z;WqEapiAIy7%{a$~_C@&IR%T2sm8HO>Tt*&W=P}jGcWInVS3@>~nNEALe0_Hb+Ascq9BnRaHMT z-^_zlXLVQ0$nu|f#7Et^d(43KK}Govjq5H)fvGgn0_Vnqll=)CcRO ze3}Y}q$cH$7A;~GdIUO$_xS#IwN4<6`Tjbya2%4vV}WxTa20{cH~3a{-qx1vQ$$$6U0Oh_FxKxC z6A$?FXu#b0onEgYK}2qr<2Fxx$#$S~0;|D|*b6(-_GSL_KAyb;bEKV}&}mFG^pbW= zZm?bJsfd`sl3wXN&XDaIazsNugy+*;?JW%0p#hsUU>MVeKf<`-7m(lz{9x#jO2{XS zoMt5aJx$M2<}&|Xntz(+{~q&iL6e1UrpIp6XfxD`wQjajdBDBHzFWLM9 z2)JDGCDa6KX1Z!-a0y-Pr1DwPeQ0;N=-co!SBj;Pd3BkanUL}{7aGEWu4f{=E5^|A z3kbV1a*TLC`#07FFZmnlf)D%~{K2_~Ku`W0cJ=!DWe)>~r!3)XP~dK+TcFq73d08b z?>yrMc$Aq6DOpc#O1Pz}zs4VX^0um8M7}wqsvXF?k-v+)a#~fVkeA$5)dc)iyK%>t zBk%i4RqK&&#qwK_k0b9!UXM+D5&32~mh~h(4Mx!yEq1maxTZige^^2>r{BejXL*$obMGn@X}<1UBi69rhGTG!|VB8+7Bmio(`jE zXIZ0g826u#RZF1R1~KeMPh;7#jnZz`a3Hci(Rw^j5PtYM5MSBC0^OCKZc?&FIl5ibx~U&6ml*7%1Kuxvk{aQ9sfgDkqxqaxa=L|4`5}Hg zG7Y$5`X)Q{7`wSm2d6(_6#7=+E2`87ny!5|TfqS@);343fZ|4v!cdr@X16N<`2S_GjoQLff)*yoy!ZJZLafuVF4r=5(# zaGBJ6j9KF^>C^Wy+CAs=N~7;+uO4Lp?d^D|qt7>8O-|`q+3SD}cCE2-hUdG?=_I4_ zte$b<+8IG87iH0;{leO0h5N5YnT-sF(iL!hrMT!>9w7k>QDA9#4&BJGL8bf-b>JJd z?d2C0rMAAVvTAE_L2*IpV8OROF%CvnH&Ggfb&6N$k5hQae*Uayug?%_$Ko~ZnBH=$ z;ez6|+4Vle&a?SfSQTAVpw3@5-=ux`Ib@?1LjHE_K%vqrM0@PK{^rHbLv3_5TlE9u zfKa8^8oes8^D1lU5)i7q*62BQLS0pv^>Z diff --git a/integrated-security/web-overflow-client/_15/server.c b/integrated-security/web-overflow-client/_15/server.c index 410af62..62c2407 100644 --- a/integrated-security/web-overflow-client/_15/server.c +++ b/integrated-security/web-overflow-client/_15/server.c @@ -106,11 +106,9 @@ int challenge(int argc, char **argv, char **envp) assert(bind(server_fd, (struct sockaddr *)&server_addr, sizeof(server_addr)) >= 0); assert(listen(server_fd, 10) >= 0); - if (getuid()) - { - assert(setresgid(65534, 65534, 65534) == 0); - assert(setresuid(65534, 65534, 65534) == 0); - } + assert(setresgid(65534, 65534, 65534) == 0); + assert(setresuid(65534, 65534, 65534) == 0); + assert(open("/flag", O_RDONLY) < 0); puts("Listening on port 80."); diff --git a/integrated-security/web-overflow-client/_2/server b/integrated-security/web-overflow-client/_2/server index 17ae1108b628f5edc63298dfbb7975fc6a4e0611..31e294ad9cb3a34a41d24c736d41f58b46150af5 100755 GIT binary patch delta 3509 zcmZ`+4Nz3q6~1?Of!&p#UHN%$QP{Wq1ZaU>1X-}6Zv}LnYSbDs*bs$Q6Vt>1QCe-a zV1%^HLWks#2GeFnI+?c47^-1f1JxAUPBd+7sG}K@F%dgSyJ=OxpA;4QdhWgN!N#|CFy64pdd$kFHXeqkT8bBv7HpZ}oH)}J6o{othD zKz)=L8J0N2n4*cs%UU4D)(Vy1%v!U+b74P~oQkeebd>^!>ATLlOrfdE6ux!PY1)$U z{~}JCgnHTpcJt<>rn9%&Q>QGuMmHCI^T^r02W>rh)3Dc^>sp91BRfJA(ncMGVQFyE z{3QJwTsBLfT4ZRl>;_+y{6drrLA+`$GJTtoGzJ=?R?#pQjv%8%%P<)w(_eFTc+eB= zr?4fa3C_hVgLrFd_7p~E%hHnigpCjrxr_I#O)gitW$P3NYps$?Up$UFRKcPz%J_B#5=e#;uP)qoD%PrHIx?pjOy{=u?O` zMWA+g1<{`(+7^Mv!daW-isw0st|x*`fP2U~BiKU`?0hJ&OOS7mjXN5FCc&eK)*(6) zfu=w=qFsoNMxZjBMDzrr;}K{oTt)PXJ$7(Sc5c)QjtuMdLPD-<**6BihWObTNv~?SepFu zk~>(aou|Xz8BGgy)LqiFVGO{gzAT6oBtC7&$_sYCSdVn5dM4QU9(r_xBPG*wM5xZ) zz26-KF$52#WS6vvLDv^lb%NN5#HW|B7=xjXNt^_yuZ7oAR?-u2Go>=G9aTY`atF#f zMp}yJRE>gp15+m9kM6>LIT>0cWkIR#k?;i%1&&IU3&L1bEaI^{Jfd$d;yH+yz4RGa zCYR9Nuv0Feo1tH>S2e5fs6>xo$H=ad&#%^1q%qzn)Az5#c|p7b0apoqY4F>wjV8Jg z{?rx#iDC7D+RbpC=Lp@y}bhWIy0r)p1QMnN<(iC<0=J zkpa6bJmBl-$BEq8o!%*!gUI}=9JhJ=Benw_%#or5@5kAF2b86!yMB&HXZ3WbdK!1>8XgL9cj*Q+ zrl-?Z_)&U_HJ5pXqBgKWik%N?!okqmNnS*MLC3=|mhQ>Ei`5=@cy;G{ftuBww*n6Z zI%jHv-32!h-nb_3Uhu#bYxrGAcQ?=iXmdBcu2{@&?_*CjJWd*$wmqGj!S6Hjm33Rb zR<-WIHJkF3r9d;&K*`MA^v5fjb_9RW)@zz}9_`HuO>0M+HK}QRXg@%E1?``wG%Xf? zu?-JTKH9R|nzjaQ4pz{1w6CJ=LYsuogY#&!pg%LGU^_Cp5 zcf|!( zJ8FD`McKz=oW3NLp`=u|1e^t4XD>d~S#$9ozf)jCft$+ET;QdB(2w^ia0+#fXgSXrbHLW>xu!y?t3zpr~-2XEH|RBTduTv157ihP%SY1JGaiI8`99C=o_X7Erur z;5Q}(9KLa!bIK=Crbxspw2?{u&W^D?MakxQqzyI{t#XYxRXysQF_Q$c9*z}Bv=`nk z^3pnRE=o2hk~3%}YQ_1I&B;VYEAiQr%@T1y^P=y#di2jdBNlsIm@wK1&|--aa20!9 zvi?nGXjlm|jSm`7V}(7aQ8QIe$LXSBw3Ik8t5d}+pDFBR@RUd{;|ot0>fb_1Z2gfn zzVr;%gG)#W%XWW>M4RAX$#Qxe-Y@x;%h*kR%upUc<$RNa^g{pQ92yOm7faN|`$FEY zW<9i(S>iHG38YQm{Y3DTx-l+OKg;`mt~*p}DR8iZsH#RP-2NVq!F>Gfy$c1-k0&zk zaNlvDerfdtYMdsSSnun9&j@X(Q-?X|bSpv>-i54;q&gzdwZ5^E_igy?`?a07ZBE`{5w*KU;IWDG0{ zl-d-%RuyOt_-8A(4If9W)xuDql^%lf6<()NTO+s`to6ViM2&S@pD55u7+T@A8PAVi zm|C%lejUmyy*A_Y)jsn8*?sT9 z)lpZvnVtD&X6JTi_V#*r(aXE&ZbfRz)Cd~}CFF8^+HX8!D%TM)HGZYU9nUbNI7l=Y z(Hw?kaUvQrMV7**#fD6(HDh9OQ82_(*g<7UF|8C6Rp1~!Csh>~HdO_NZxzIBFHZh{ z5s4X*2;dQ3@b39QUfQ_7wr2HSUuEwXwm089b^Iu76{f1W81!*=BtU*dMZ$D`I3}#4 z!*ETIL9;8MI235IZ-L$#J6yESpr3H$yj|JjP#hC5LI4igGNIW~O7B425u|6}gd+$e zXntMr!hl2R3#0_7uzFQ1R5@GWkTVwsoOT#=24KXg6piAVY_r<3*SZO@5gSVi$H+X5 zbGCaEpx7m=5|<4kY8s!gZO?_}E;-$A0GtM32WqC85uB*AL6=L0qpq~{*-2VE97F9b z)JBuEDexs~bKGg^O-Wi8pjtnzly8#O@6*`bO7x_l-y^X$Y}*XAqK+S4YVG z4FA_Cca4)f#>v|tn(6m7=V>H*`oxHzvD2H8>AvUSjm%E(qv^OvTV`W4b|djaUDr=J zZcc}6Z)M@KN4g%XAKSTYOmEAJcBSu|KuCWs8b`ZkwqX}WyQ<%W*Su2#8ECk3)G%7i zi~@#H&@gI(W8Tp8R0iZ5z&||Pdm-Y93UrQkHeQZ))(=Hvr!eTtkmK7w=L*`yPABrl zbiK3V`K!9#j{(@yCk!A3f#G&+vuM}5%?Nkak40mb&|^7__zLoO8CEABj(6W|00$wI zRTOG8gstDQsxp9=5E#B@!$mqfMsN{ael~PveU~19i&?ePR-#oDmt2o#9RqC@PpqCb zkRzBfNqqhgRwzDblmnBpOplCjc@Wqw*G@Wv-Nzyx`kF^9eG>6QxGe|ibKqA(vf|fqw2VAY*_*k7I32x5Hn2n zd)3bUerW}q`uL<58%PY1o0WLXL!Yw~=orFm@E{Jrx|}!izj%PPw{47UXBDbqZv8JC zWpaa^T359foVm5$lbAvOD+cfr12_jSbt?dH~18`f@E9oV=b(6aFdt%2F4C4|7!1;xv*-_rHp;RgKdwys}99vad0 zcH}FO??s+{SJ!VLPraw>Y4}YWun1-#-|`<_Uw}M}Uug~U!^n3bFT}pSh&%)*3Z5$N zxufer^d@yqk=@m$`1up+aR2xyL|TWRQp}$sZ6+u-r-(Qx^dedehtUwzAucJ+%K;y9WE8mY2B@!ux6BR6*yGTXI56Pv~&7%MxlEaKHO${=~;MxmaJaFQ=W*s zb2vxi9=rl^HpFZl4-nTN==);prNMr#qyH!l9_!aPahZhM&>qCnt(-GQ0h(5 zc*tJ-kzpej;;0>TYFrvLTW&5~(1IS(>_hB4Ph^%`Ger#=BH_nP+Ksml8!ZrzY{w3i zYJ!s0W9KCU!_GskwVN$w!DK?bCg`@V3hca^`E(9QwL!O4$5qf!8+P}Y-O&Rvlpg=< zfwL%C-6ev%F6_3tLxG06@Z-zHWgg!s#OrjtHRAPQcT=U2*(-3NK5RQ#4ew}E{tN6T B!ASrB diff --git a/integrated-security/web-overflow-client/_2/server.c b/integrated-security/web-overflow-client/_2/server.c index aee6ecc..56c87b4 100644 --- a/integrated-security/web-overflow-client/_2/server.c +++ b/integrated-security/web-overflow-client/_2/server.c @@ -106,11 +106,9 @@ int challenge(int argc, char **argv, char **envp) assert(bind(server_fd, (struct sockaddr *)&server_addr, sizeof(server_addr)) >= 0); assert(listen(server_fd, 10) >= 0); - if (getuid()) - { - assert(setresgid(65534, 65534, 65534) == 0); - assert(setresuid(65534, 65534, 65534) == 0); - } + assert(setresgid(65534, 65534, 65534) == 0); + assert(setresuid(65534, 65534, 65534) == 0); + assert(open("/flag", O_RDONLY) < 0); puts("Listening on port 80."); diff --git a/integrated-security/web-overflow-client/_3/server b/integrated-security/web-overflow-client/_3/server index 521323519c6baf362b6638a8e3e696438037cd47..f111ca529f7cd48138118117c6a6fe25fa886fe3 100755 GIT binary patch delta 3414 zcmZ`+3s6+o89ry1h20fouM6C}1opwBUsU+=H&~jwAyOL z8q(P=bTB_@G)-nCGi_?eQVG*mNKKY@#z)5{Hce96(F8NGL4yKOQxxp&f6loVSJNJ5 z&wtMMegA*XJ?H%Q9)>&U(GJ?BNUNPHVMWx09NjHAcVihIE9{OBu#)O%L+Qmg;8X@@d`{>6#84v4)*)v z0~FRJG{bud%V4fGJ$DkLvt?;bf5t|LiA-agm5Jplw``q~V3k#N>5IovhbmaMz!|XH zD#I>oA{@it5o=;nvF@9ItO?E|dk#@G291Lxn+%Dz#H7_RXgpLPx)jm%F{l+bBf1IE z<`~otuOj*iqHQr~BK*ZByXNvaimEGyO@`aZN-^xA7pad>2L+nF?(YF(%gK@3yv)77e$18q2*rdzu)mPEx^{} zc*K%D)r4G2cHhE&!#({~M!)~8^aO?N&UvZL9+iYn4iRon?sKa|OZ_(d%o$0^EWihB zbvA^;7e~LRY1#?PoB~*qQl9h7ZA}Z;%aj0|Ai*uN%cnw}k z`I^^*!hKUh6k#H-5Y-9M4mh7u`t>SC_ymz4h-NgS3(+|gX&4SgYDPlg6BzV)Sep9s zl3SRl;gh5O8BL3{ul-ol1~C8|`hpYGy*=57DC&9BJ9UBSQ7w z^u6vNhykci%PnmcosO@l)(T=95|=JuGKM1U6F3MC-w3}>dw?E;>uFW<+fWt4AvdF} zJ=(hPj%uS|j^UKa=ttAAS4o9d*_*LI_elPVM}{5x`)=`&#dku!19KHW z-2%&$Qo0?sDTVY==uy_I(^lb8g&v{y==RdPm+KPJ81LfLy$f+x5N9ChDy1*=f5-KZ ziPpiN?@QlPiAl`n5dD(PVS6Cbe(v0z_0LBZNi&jn6UltF_j%+awgv4YI2+uFV-U&szVFNHc=&eDkUi{( zuEBu@pA_fB!p}xUG2~@drQE_d&)~Cy=wcpc$~R?fd2+Baq$eHYxGCRzw>p5`~aGbWG!$xTg9k*&=ew&Z8=c2Ce1$b9coxS5p+N_PGuXT~(`2tLrJtD5#c+L>`pdk$^Egr*%p`w7}Hw11n_ zv_yPj2@g*JTJ@%;twig`6nYx%5wsm>Gw_A*KH35}n4L$PVJO?_>cE(|aJ=MTU5!5l z$2|mBva{2>u4q~pdKiU$IoS-Zj>G*qZu&OV=6Fo!ufwxBZp+xeHEkR^b7X{no|8=# zIGwYCsvzacmNHyqXMaiVn+Z~Jiprxc)-3_4&@Xl4TbC6Vukj)QYYIIWqNUJJ4?qvL z(_jd7j^!#>;K|^n5onP|YO|`m$3Bm&c%h`I&Nq>u@}8z?>{#$?0JFGiyx$8wMNd&L z1Q$3VYKjA|{}lYr?BdNGPUA(speFopq2UPsb-ltpk={#U0wQp%m~Nc=O&C6 z1-ekC1Y8UKE=9jI85)*iOj8U^sIkIM)RbkboKDh3gJ>y{NC<`&viVG6t$?pob{SVN zU8rAHQrP+0`WZfuVrEq@5|*v*~+kB-xw#xW?VvuSa+ld}XrhupXaXKUm=h z6>Tq%{3l+2z-rfLMto!KxSo)4&YE%BY@T_kD#w@UkC6m@I7$}w*qRuZPTiF(0jXT3 zMN9+v>J0;EI;~{mR?=Vq(Ox~_di6ZSH<{|U z8)-O^01JYPZC*WBz0eX2%w}#Ierj21gn{55dI-uZ{gRPeQQQnxx?m@w#=5O`3bYCa zD*ZO&{m~7Rl`H6jP+sM?8K<`%TB-uJsGbv1=)>OZKPE6)6@aI!9Z*(XY%{U}=T;q< ieb+ejEt-IVY7Mh+peA5b%f;vq!_Ari{V9|@koR9$PrW_> delta 3391 zcmZ`+4Nz3q6~1?WV0Q)C=kD^}BD*Xs7>uyX&%%NQdCN~(8k0x`2d6QCNlZ0rB@>w> zjSR7}6W5j0&6#veChd^UbP_vFilsA68HwPuD$@+=)EZ+`g_+nc6?HY*Ap!Gx?t5=> zOQvUrbM86cIp?0e_n!MMLx=fe00yof_ZA?q=NU|EhVdP;wTDK)xP4FmM_oDTsBx@S<8hLwqQbh-n&(}SHE8`P$(jkZXx)j{Gf7qfcA@nhv|dWGX2H+V z`UzTNN!IM)^QL*-8|FO2zdeN9kqWL4KWu)RrfsuhVRvR)zmcTF!*T8z>O<_!B0@59 z8VUI_!}&Gp155PK61^9K7N@N8F8R2N17Ib;folt1>!b$?jgnNXo4qI~_zKVkc^l*hi7Q zljC;kUba~2hb*oXeQ-nf4C{owvtL+mPea=PdiIGocB zV;b}CTnid-y0f6t{qW}5SxNd0{@8bJO40?CHE~JmN4XQ_5tMniC21C=<&Gq!;je1N z4KG6Z>Q|Dq9%UVtzYXPal!s6jVH00KSp$D`KSYOM+HJ9aa!ZnMb!5s%-iUuyIPVao z=ex7UZb;G~MkFX32dn~59KM(Dq!Mh;&(S#U!NGi|z6j6!3HTtNr)S~M`EFVWGx^PQ z1C$o<`XF|TWw^EA52-L^%H}p$MLFXpRl2}l?B)9L(qzQ0VVPiaaSk=Z%f((S_9%`W zFoAxCI#Gsk|7Ge1qbG+OG>EdszI=>CsP;UrF&p5Z$4Mt4x731Dw^0E&?^W#>C*l{p z0L&#*nEG}JFMHUuMq-B6Qk&L<;Y=lHHNb%L6MR(28i{iIqTe zala{H)$a50v=iR))zQDeXTIOs6WeuLbq%2B3XPfc!@Cs^Q7ueY@H9*2#WJs#`4-0Q z_wn12r@<9dH`$`*cwYADm-){ahrvpGMO9eo1iV|x+b`lSufWy$eYPk^oKR2W6!X>J zMO1!^m1;3RrxA!jRQ%NRggrJ{e8{fYy{I$FgHk_FOCjp#?TxAr`&={HDsw{G7)p1` zJj6JR`Gu~xm^c2CL3JM!-E&s0H1Ur1s#%VqzZnm8;`yeU$*4LjdmS)h*BYaf@_e7l ze1>uRygK93wbKGu&D(jM@(Y`7q8z^tbw;@irIj#U#V>nI&X9(Mh_JG{fNo;guvmSI zTJVk9v;7%SY+m0|-|$qKr_56^?D@{e+Tr-RPD*3YDtfu06j4q&gcm*|2Sm|2nJUWK zq}p=p;JoNHnbkhT&NBrnjiRcG&=T-3Ht8UK4H= 0); assert(listen(server_fd, 10) >= 0); - if (getuid()) - { - assert(setresgid(65534, 65534, 65534) == 0); - assert(setresuid(65534, 65534, 65534) == 0); - } + assert(setresgid(65534, 65534, 65534) == 0); + assert(setresuid(65534, 65534, 65534) == 0); + assert(open("/flag", O_RDONLY) < 0); puts("Listening on port 80."); diff --git a/integrated-security/web-overflow-client/_4/server b/integrated-security/web-overflow-client/_4/server index 36794bb15added4b01f550666f720615f7fd8135..a4cefefb1a35fb30fd78d5cd867b855405cf05cb 100755 GIT binary patch delta 3414 zcmZ`+eNa@_6~A|vh252pT^D$76?T`e3MsIBtS(THT|VO4!JtjZkj7M;iTS7@LX}oq zEm*VZ>?~x62NRRl8R#Fab}WT3ZG=XP%?vgf(>NK;kW>Xa%@i9V5R8M0eLeTy_i#1s zW%izXf4_6iJ@4Fm-n)!<(t%FeEn7F+e1tX86Eg5>&Tq`)W{#0@^Q)icoB9&OtPiZz z?JqHinI?%v%qfa!{2BAa+*sk`gJr1~cs3lQlGUYZxl}C|oS+|CJsCpBlOb$95YlZ+ z|9>7AbwYbl2WI{E60d|VR=u+@Id-J#wTZFjSB~wR`n(eM>$B}CsHR0nh>LVk3t?C) zoYwE8|9~mI1imO4TB7zsfk8fOkRgD-#weM-$4D9j+YKA&G*=u&#uY8YoI$34;Oxjy zTC|tKwwM<9C}usx8&_q`qj#2;wpGuY2+@%{IA(3G(#IvsQygqEN_I7Q9JTla%MzRd z2aFQzH^#y#{GBw$#uccxG05uR3bL0G^+ljj5NDDg))X7JIRcG_3Pj5hZHhpR(2VE{ zh_*zaW;llEFA?pCKx5$plVp$QF^aA`f=z(C$XX-V-UxOj369%1Z+Kw7Nt+K{us%&;k8NdAi_=E}=gtx?&K+|2h?4XJ_=PQ;n3{_Z z*k)@8gg%@8v7#trh84L`mROqk{9Q!})h-=6u%xs(16^^0n5U6cR1S2lJ+gv{ieJI& ziQjNJQSs2CP}<3qTtcZ{DD8zSiJos}Fd|J5F@k78F(V{RV@;}W^oe+r0UgYu&9{F!Q0$p!99=1AzpUV z0IZii^by!C=TQ&z$xXgXMqyEn7J=aC9?$*RdKYQ*_u1ludHAg$&V%3Xp|219(Eg~7 z=D_=_SGA{L4YL?VZ?YKnc*DWVm+z%thb)qMB=0A#VR0kz@2@arKj&K&ye?996&dDm zmvD#?Mmp?_;&yML9VfDvcY3#A-azK_Qrzart852?lNb$d#9;`h{3QM64Lo}XmPk80 zp@kUR$TQ-Y82HhsFdHB{wJPyb3}NK^g6U`b*;R24ewylNKhB7qg4i#JNnCdNIQkv= zk3z^9*8Q1v(@!IY31KU>GP7o3Rx8ZLm|5%pFiX8>R>sU;6lU?vY*Sao+sv*EbzW!=GY_dmWd^s&ETW9TdY zWB$-mL!c|~2Evcl<=hP%nlVm)2oC3Vng<=umbYA&bx!v)FKmC7>}uKZVs<(or{}ur zw|%Fk{*k&Ta$M!`NqQW;|Z1$70ih_ybEff11{FUIk zz3@RshJD}*Md?Nht+6jBiy$6MnNHor96Xfi(A~WO-_CRxVzGc`p*d5c6A;YIpe1l3 za|3OH`Ao^sh)K2$S+o8gV=YMZac}EXNx+)tw)Ws#mo+=@@gf0R@|;wL);u>o3Vk?E zhO?+=sq}FTJQ=(-0?l_?JB&U)W1mOXTu_)_pEeic<1*gvoeL}llep%5fkc^x4a>wt=G2iHeWw*B=~s{r*iyK`K5F$bm-jV2 zNg$hHuu!5s@Lr)C-$K@+B)yIFqLio+*GtkT5gDb#S5MMQ!~(5FKeBhL_c6^Kd!Osj z+bGati4w3EyX~@iY0`99i7}l5*p50z*vE7-e4LI`l}1ofVkOydwwT2;kG%|O9?7m< z!Bj={vXaR1kF0hT)7UgT3Y4&D4|*ip0&jRK>D%y$=l6DPH`(QfH9u;u)LBRm^sQY( zqhV^TMD4uK=lw?3Lq|zeT)HlSbf~*;gS2%{^vkq=#``|5*Sjt%&q8FpsQS2ft@{fe zgO&K~Jt+d8RgdaM@~Kf8Xg z#t$mWe(w2Q-d|$9{a>1YEq7d>kXg>^F>Ds+nj{~`*Q<{a2ZOjuI?h;5v`eRIO3J`m zD$#tV1KFkWP-E#V9eVOxr}eBphUCg7N-w}ZpWAvgTDU!mpA*)SVHnYVwcz^IIxL4< zKDSvb!?_qJ@~<|?UcAK=*>w(s4uc=q9iC!4Q+44UoFkkJ3=V~laQd3~kssUrG k@h-n>Eb11`!ElX&RXAMhHTg=#>W{;%S}%PK3LjqcU+1Q}a{vGU delta 3391 zcmZ`+eNa@_6~A{sV0Q)C$L{jpLs*ut1f#HgEUsA5w|tbPLsE_6;8Y__zKF((iA<8J zqgI%>0*RY5=|rc=kY>`vPCJFtOf!rh;2$weJ49zJ8plR#Yq~_##b}2H^!42P-r|-_ z?+oYMbAIP*@4e@~OJ6s=)J=~_LYqS&Y-p5_OX0;I+3X9rj@TE3FBe(EDVh`pfqDay zS(9R%*fp6VOJLJNO(vC!Hqp7=sENgJfQo{oTS+=9!EyS9;LO!*oVl8>6GDb9IsY#r z(IXNg*o;p(Pko*GNlVyX{(N;uVRZMQ^-pg6(+9A}SRiL&(7Eb}hwP_z!gOvpY1~F9 z;F?hc#Uz1bmY~V>D)d#E;DTu>y~vSsCh0A+WL}67JkW1&K(o1+-iEN*OFxHUvlpUh z{!gP5hRo7{C&5FF&p*2hRwnL({=`feN;JV}q6eahQvNjNWQ*0F{(_Yd12M3oa70%t zoU_$i2!$3=7PzbtyQ1(3TlP%YY!Q>)8o;Rs4xpw$kC2Eu1N2x#IAKXjULL14!AaCk zqBa<(O@N!I&9EjVH^pf!kZBd60ky4hS{po$+C8X!HBOrZd#$3J99PkyI5Y)*hp2u) zxXn9pXe#^-BPQ9Bl0S~qIw9F6!b;SB8mCQzO4PoH+Rx*(5^P89FHw6bPMZ$zqV_MS zjl^j)2F}}NOmEq9EZ-Cna!1X-G4PoE7)@%Gv9LQ6YagiUk%6f24D})Q_EJJpvT6wV zHpTrN%02Vs&Ux})2s+%Z<}8H-&kjf3jGcWMnd*8Hc00P9_m^Ojc1L3{bUpGjRaHMT z-&g|a&WgN^_f<7iJ9}{NtlFLx>`C6akdVPlG!FKZw__Iudn$hpuQ(s^q@dx!Y0YQ} zGxBIgUd^ZpPC9){{(&1Yn5_Z-vT^SBDcDsz9t?ekL7#&R*Rd6s(I#{@ zk~OQUU7ee*s_Gy{W~qlYAOV4i4s5ev&)dxich$}YLu2T%8KSP->~78K%*=fEmo?xx z_|o!yjhe9MdsZto;AsRVt{E^%S7#KHVEX0IllDXU5?n~DUc3UWf|znUnspAfmp!z~ z*N{)KWD@ym23jN+G>V=@lh|F%BjtM@V{k;QUi6-h_kYJD7C(%52yTg9S^#dzM~h&c zR7jn0Kx$S#v1k#i(IeP7w9EIutMviGnD4LC^Vi|92AqIw*+*X=*dVVnP%HdqQTo1F zY-d*E(7#y?yZl|9SFSu<{=XxN;J5c!z<6Lp11=*l@jBnC&Rg1&ozesD&;nwG@qRCw zc)(x90v62e^g0a*A#$Svw|V?4wga8xSPgE(ORz0tch1*$@$BuLCHvS3ox((e&uPcx zI@`6L%5O|y$*gi7W5`wwc|$`!f~PXw`&t>WO#?P*z!0X5e2j4;Pb0w<`03ySm5@`6 zoMt5Q6HU)j7BK%Entz7o|1R@yMU(k%riX4*XfxP`wHC1`{5U$gm# z5OllcG1P==r@LyWaoOGMr1DwHUD)S#(>LKgcbcV%d3Bjvn2@%D3yqOr*W*#%6{G0* zB}ClW`9{2-0~_i?V}Zu{(7nL=Kxnox*i$%*UA?Yh@%`YzNlWA^6lJy0&2S{E4TcQ% zKX|Sf;6YA0q~$)gG3lnN{uY1iiCe0A0r{q=s&*jnM*a@+swq{SL|%4BRg>^n?Zh2l zioEwfs@i~j3zpxC{0j1JWZ;BV@B}Q*%Q9q5!H@FXhRS=eHP3Bsz(ao;dh$g4CVrTgOM@_yS4Z1G z$QRA6*e;HNlKhK_FmB5b);JX&af8l1AQyUt4!ktkVAn7ou(2?U+TpcAFYSZlIM0L; zw6m;MIE?$xM;lm+vV>lX!X@_QV?%+8q8}UV7C2nwrlXKu;=t7FsRV-es&PnA@C%*~ z_Tq62Jyk4n3zyMK?69`PWwfC?;|oYH@;dpPpzxsa#7I&|8}yfmv;#&;ym&zfr7oj` z>_;wA0s)j<7%xzYkBZVXqev{Uv-B0YPk(2{VzGp(>RV0!3}5_9Z zIR;!YeUlw}jGf%3gVSFy3cbtl6;K#5+Q}#k z`K6Yl%o=}5ufC75?)gHmH1>}6>QVa9-j0Vl_I%UT~=kC>6J<1K+6a zFFd0tbq)1Z)muu7N{h+|ihgj)I1pXcOlbtxDqf*4LE$0$__Ln9KEtRTP1LlbddsbX z^NQDI*ZUAV&lXr_Rdi8-`hb6~Nqg~g$VMB41N*Q8g(|NQ>#=kCn-@C|wXxM~(+`XT z!c|^t?5e=dtE!`^AXIy;v2*N%`f9&*f3Cta?1vCabN_= 0); assert(listen(server_fd, 10) >= 0); - if (getuid()) - { - assert(setresgid(65534, 65534, 65534) == 0); - assert(setresuid(65534, 65534, 65534) == 0); - } + assert(setresgid(65534, 65534, 65534) == 0); + assert(setresuid(65534, 65534, 65534) == 0); + assert(open("/flag", O_RDONLY) < 0); puts("Listening on port 80."); diff --git a/integrated-security/web-overflow-client/_5/server b/integrated-security/web-overflow-client/_5/server index fb483065d452087b53d92d4dfa05dcdaa2f77157..b746a34ded555b1ee555c97dcfc102bc23e665da 100755 GIT binary patch delta 3505 zcmZ`+4Nz3q6~1?Of!&3LU10a^L)bqcU<)jNvO+<31>!oR1*@bwF-B%I=1;{aDYjZM zijgdIFoz^)lZkXPZJe=0Wzq&(Q%szwQ`1jo#46?#MLa&nLNPbi1o_~e)C)Wxc2LRYQMEj(mIn^f4^uO`CRG`FYG?OGPEDI>htAHRMWyE#6#Mtl`t#| zj_IGG|A32n34#VEv>4i;IL`TEoD;(MEHgOiX-3inXpWmt$GGAMGM;!RMB|+FZO#r4 zdgB8W9!+S0j}qoUvN0of0==`mv}QbEB1A{-;Fz`O+#r`MQ5INalw>t~9JK}o%QBn^ z+l&%yH73D3_#84OS&CKL1Y~va8M5aQ4aT4bu$UxBG9_6WW6*f0L9`mtRWYa$)*<>d zqAf9~8D2y5RYcok&?NYiNs^O!jH2s_VN>8PvbGrZKn$A-g=Pr~%t@BRF=#qGg6IlF zM`BP1bR*h@=-C+53C9rqJ))yAXa;=+>2J9@mdif*Oc7rgWs|4rv*5A z1kYHCyN;0SDX!Z%Z@O>3NShCywXLSGIW5)R;trDV$>W5JlRI5OqS&8-pQlCAvkLGB zwx%_OJHHtFv7#s+#3dF$ReEL46L%G*vwmvlwkf669qzX5!#oXVp>nu;)=P;@)cgWo zNq@lOM#Y_zLTL$8@(85{q0|PSrI&vl=9ZwoQ@k z?1;)3`S4@noW$|7Q8Nj7S+(i!VFbfZ3SxlmXLrq8@Y5{U_8vw&C5WwpIEAZ@y@_sz z|DzD{F6;ily0O)WVLsSG%bD3aVOB592AJ8#|6!IjZRTTU>xEe|Gh5VM^E$JuLY;RJ zXMr6>KpdP)+_H@=cp1Ur4Z`vheC4BF4>P2wg5v{h+yS#)F8P;;bkL)SdSMgMc z(dXA;gUdy?!_Qm}V?MKr#4TnMhnY{B#=?xVM#F<}&gIR$gXJE2XhG+vp{50$ zUxk*2I;Wb#-Gw(0Ub1lJ-SEyU#<35<N%lv`yYF{c`ez{vSxk0kB@x? zo`y$%P}lJNh0AAps^PdV3r2nU%MD*D$|3wgZ(LQBk5QIK6=fI7)hPQ=W=tr`6_knB z6eS6N@d7+N1t{BYDat~WYq5kLM|lZl7s{phLiiZvYG}^RD|~ZYQT%94>JqH%OH_={ z3B+&%c+0`Q4xh#=igEzn&d!!kVLUx(uQm1^W$`=!6WMO>O^j-e0jKrJ*4?^VOT2!T zAt}MgzqTh3wnIsd+m(Z5HqLx#S~&FJ!#>hCZ^8N;A8mxaIrHT<+!rkr# zM9$3wTXA}jp`=2U1Z;(VTQ9!6S(AB>7ZO-p=%!BCSm>vH(2rvW97jFt+#uJ$1IF7j zpha$5yD`XT>?_Nf2TF<>ywQXppDBvMP8SQ5H~hJLJ^=kiYpDl9rD-stGl0i`3Vx&W zfVFrO*PJMpDAP#8Vl$DbIx?egZ;4%>NZMg>$$WXl7F4}X3q468jc}wyqP=js#7{H9 zR%+L$kv%9SYQ**IdOLBVl=$j)y+o|AvGhlBk9x1ue6i1h4!w;4Et4n#xy&y+)ytQr z!zz{O6hkxW7-379-%GNCoVKV+!zd}S5vz)u;drUr{1=XlwYun2%Rjh?jGgW6Lz0f}^kH*8r zSrV0bU&Q+btcUj528&OZLfX~ikOtlgH~MAT&+)#W>m8^t6k3TBZ@@wBUF+V%bCHV4 z=*<*3Kd?xi;kKhd1JZ(V)UoND#CV_Wlxn+17Pfx%?wgF#hJVB(a8@a-WkGX5l8cdL zE3(@MYioFqfiado%=?XSJm4?sV4Cc=shh0T$nVs3wM#uOZS?XQcxOxULDfII*09D; zF3JJ!`F-Ah!g~3intv^KT%V9}&gwC27H6J4$Z=lqII_SIT*Zeh%ZYZGRZU41*eWGj z#B?CP(mA-Sa-0r6{Jmp(RxpFkxvMBW3tNJITVK3z+s7`+*c>o~=zv;*18QMb!>yp- ztkq>S0ZKy^CXZUY9@rQP+$-gF{D!l(42DA6=>e#m=eKFaHiDbMS`TbNRLfgqnm}t| zXrAAsy-<2#V%~gRh90VFi_F^b#eY$rsjV>WQOjWu9H|YM?)}dL6SV<&yv_=<>xxZU oJz#WofqSnXtGY>17^+jSFo)^`reLL5{~@?lAD}No$%A?S1-?4H6951J delta 3518 zcmZ`+3v83u6~5Px_(4K`$4>tLhr}nY zAWDhXnh=V6)Tyo3DcwT@t<#ca(oj^|fKVx7qM%Unzk`=< zSMoXcobQ}-kI%j5`nq>Ny||wqlpJkNg|MMfLM|p|{MIf^;yNNsN?Z=u68V~x00#|5 zh*^`yxuD4uSq__)YciRqXcL_aMop}MJydi^x|O7(5*(%<6{P)|P1>*UN!kzl46FVB zFC@`J5+m4+t6goEdUtHNUv#&9YUl7Hk>L$xr%yOxr*XPmg2BeqBVO_X6$sP0;iz#F z9f4t^2#QGp$t=MN(+=pZGr@V&EcyvY&YGlG&60UCM({$P!3izq3VIU~<{I!-g(I~< z;hdFkGL&0I*}-Lv2#UfdtnMYS$|~l$HGoqu>_N?RJ%R;w2I#hm@UAsCZ%&rh1V>SO z9ktOcZ4P{a+G1O7-ij=(6-sO(EJkf>mevlBqjo21cVuaEVV6ym^RhB}ISb8)-y^D@ z5N`8&7Fqy*!-%=|+`L0sS{LNmMVO1)BU#!an1|Y@QTt(*R)Wo_{W)qcW@)FuTd4gD zYLi*o;{J2?G1IGp-}-rgklSk6wf;whH)(FGjEUVIY5H1K5B8@VYiS6v*Jcrt?`a_9 z%Y64el)ER$u?g}nh&tVcEgpqLPaaFT89TWRnOgXLc;4CNx<3;a>2Nkj<5!bEQC0N= z^R<~U#Z_Cn^1iCZ8`FDtrPU5kv^#I*WI_f?&^X#%(}8Um?Vk4{Y{Z0Tbfkb}TTC$?F%`?VH?yBgEc_yzP>1*yVmzWtij@v({S+ce-X zgo?^S&6=?D8&-2Q;7J5Vh7Gt#S1g5#;PP{zyXf1r13C!5XO$nnmx_%h+AaBmWy7C*Yu1KXt#3_ubM2lgm zR89@BM`}@iWz{0qqenD0*dF@tY9$cH^*$b*Sce@N@Gkh|5PhkCxxCb1xNC;rO_g_l zj{VG%9Q+qcqCMOd`}ETX^*@U!f?s~cB4z`B)_}_hjJ(A6Dt1Gw**ki`ty(}#G28EH z6A$>yOu*^mTfJ06;)q9fqQ5^ZpPfX#mc zQMX&ZfSP#YXjkJXR^81`Dxc-wf!%I5eFc8uF0!s*UR~xjOelJk3(d)B*W)SP6=%@# z5+vQeG9%v4k>!ix7b4Az;$KCUMdIn^Xm@!UyL##38TX@muUnH>AmCX;SHVF~8w?tR zKYC9X#Kjx8wXfT32-VS@FJzSo= zsj5NrCJh#WUDg%&F=1pZJ0GP;8}QS1T~&MG<7w06QOu_Y{WGH&CoG@!;3)O@!kEo` z6N-(Kg`XPg^Ky(erd*4aFsl>zX@;g!k9#e)%lj-w#tNri{IK6@%RM+y>c<VC*5F)gr~xR0m~2 ze|TkVHtRM^U=7+3c&<9=8}ch0&iuL$phSs-q;$OHt>P7ZT;n zyN>%K8RHWdp5`V*Cw?&>ZYCux{XHQOH~o#!0(u%Qh5jIC_Vbn=D1w#+27z?K+cghU zBMjGwbPA{CoYrx=ic$GK{%-jVSW^8IIQ1CMaGOp}f5s^E%*Gd7jfx=~hl-jKW}8TJr|8#&6Q2Z)~O+KGHMIJmPr|W28Q`7x2_)o{oBO za#UZHy-e6(S1KFF`FfvlI>M+trmr}$c1Cd2in55k&A#EnLWTSDUdNe_p>#G3&k-km zmq*COL=>1>TSk{NtY4|UNuBsU?%23iQ5G&R3yP!8Jwx&HY+otHE0*fNy@hI3%7LB>BSkJZn%wN6ub zpjL?2hi&8kfZ!BLnT8X<))2O3`a^<64dL-sm9{LZS#L3J6 diff --git a/integrated-security/web-overflow-client/_5/server.c b/integrated-security/web-overflow-client/_5/server.c index 82f0f21..9cf7e26 100644 --- a/integrated-security/web-overflow-client/_5/server.c +++ b/integrated-security/web-overflow-client/_5/server.c @@ -106,11 +106,9 @@ int challenge(int argc, char **argv, char **envp) assert(bind(server_fd, (struct sockaddr *)&server_addr, sizeof(server_addr)) >= 0); assert(listen(server_fd, 10) >= 0); - if (getuid()) - { - assert(setresgid(65534, 65534, 65534) == 0); - assert(setresuid(65534, 65534, 65534) == 0); - } + assert(setresgid(65534, 65534, 65534) == 0); + assert(setresuid(65534, 65534, 65534) == 0); + assert(open("/flag", O_RDONLY) < 0); puts("Listening on port 80."); diff --git a/integrated-security/web-overflow-client/_6/server b/integrated-security/web-overflow-client/_6/server index abe582909feef55a253c174df3db32b9ffc0272f..4f8011874105d7fd5b060010928c6fabdf907eee 100755 GIT binary patch delta 3413 zcmZ`+4Nz3q6~1?uh252(T^IJfMc5w}3O2wlKe9qZcLm}))u1tCaAGR7n3xzNRB1HT ziZL{^v(Oa8ud@wKd0xy6ARI<8NEw`%WhNJXDYl~Otw0MPW3q*9A zbN-*lS)I_H)qz?6{d9XhsqM^#iq8*h+kKC6N9olX?<_6tnGc%?(UI#oW^H;!kV}@Q6j*DN9BT47Y6%LKB{&QA z870_jOolh{cg&ca;#X~xkk!Gb$eu+s7>6c6ib;ZGQ*z3>I5ZKe5nYC8Qygl9?T9{# zXlop5hQo-yjA%z3nhYP9Bu6TbQFJ|VY#Q7^)*8niiDMT+ky(O5b8^b@I5Zs|Ky(wL z!*Qq`x)JR{bTkf?;UuDOAvzw1X2N+yC(X$NYw`*V&suVf7mEqGsN`K5_^#zeT8N_u z@Q9_kY6-cN=DddUhTG5+#U&NkJ6y;sRfv4cyLxIy~LEbJJ&vGK3D;(i4KPBk|Q!Sb5>@=bDg?*3E?@pP)rISnOWUF`;$( z`t9Z*h(Wm5o>$&3CSBjs+9ZgbNPIPc#TbruPU9lDd?WnUeit2q%l4YZ5!4FflG{|dw%@i`M%FNbwSAWUus!-=`#93h1 z5D@3)b8fktEm*=VcL>Xm@r{pqW6Y4E3XWrJ+zCsaPRB11iPX(T>t=D6F5saMqt7nE z4yTjuho3v`#sX#)HLPb7yO~cKV&Ul8Xo=Je!U$7&DVw>t7ks9|;F>(ITS z$Xr9XyXZ2)8`dno5k5F+jC}}BS2Hbw4p-~z?qt2o_u!+=50M?MTOKRO;p3b_cm3vj zYU}S_vvIL|8JN7;P~a`t_|~MN9K#3NbU{%*LOD65C{LlxnpTuUC{LrDMETB)q9o%J zQ#?F{DE(IzWerLfR?t?IFQe>2nT+p)k5Fd8QExtNg1>ofj=ks;6USRF_OPWl>b%ysELxC~F^It^#PQIsh-oGT&xMy{6{;Y{u- z>IYArWGKKS+Xg~;ze%$C(}Ubwg(?YHi+t8zeCe|0;5~)_>x*1ehPEOfJp_F?w!;YO zSylwO2A&Mw8i5wOtR2Q6pRunaYi=khuJ=qQ1^G--6m~55Er3bP8lU$=U-3iK4WUvS z4C@lW?fWzQPUi-Te;n7G@k^9x*sw}WWLh1W(YL20L%)D@!1|I^j$vz%xxA(6Ng7!P zCrTvR3-6WqXbV_NGxRnxic-R~gm9KYWRwzLJwq=M3$&F!?&wjkW12hmI@h7MVW4Fa zCEzIYIb`+Dr0K8{V>*6lMja#UL7lKS$mtYSX$U1HR?-L~Wh|Z<>}BwjOAhS@rYfp; zm2{SWWVM@^#(MB5P{N`;P%hC{c%gg+{XLv1f6bxoCcFEv7DCO1It%HAz9soI5hj*M z)WQ2=-mhjobSzCs$+i{=)Y4sH9SamWn-exy!=aQ~er^{hSy4Xx&w40PxIKg)4c6>1h-klBaQ$i>E`zH8+8V~qV66xCAgbkUolT%MFu2lZ z(%v7vFtc(M{Q*?g_)OaAZGpC$fN4~%iBUL#v-$r^V5TMjTWc+_wAOFZssUrG4a~o5 gEb10b!(gp~RXA7|Fa;~c>i5Cbx&ZwJl-!m7Un()TNB{r; delta 3390 zcmZ`+4Qx}_6~5QcPHdA9KWyjOiS5`pp`j#pew@FKz;k{YXQCSn!omt|qW%m@8L1#E zte}jMsB@jHxJR8R+NNYv)iSl3vrJkS5eRH5%{Ee)XrPRhAeGG-e-4EyZ9?D9eeXGV zsdlBDbI=lKfw!qvHWjtOQTid@;8koIyozrFgf&kt z{eKaO8j)~dN7ci+B5vC$n5u*{r!(`-upW2;|lFg3_713ag!fX6Ja_R zjBwlO6kO#55Vbb2>1@!d-2<^YEu7aD(F-ziR%?4rXVWdl2yPhEn4wKqLT^J<=cgaQ zNu3`OX#Oc@fl-}p$ere<+;^YZ4J*@k!(h4-M$@%0p6-T3x~*Ua*JQ=&%-LojL_;(z zDIAH_qRd(K7DKUKu=BF45R)j%6IOO7Y|#suE(MUO8xEkRP>qm|It}#c1vsY9$gED$ zYGDMmH&7c&(Wb#o)H)0qnXM^WJva>ltU>M86s-{+L+w7)?n%*Rzliv`oYlT&TB`rIkB~c3!S$hsO-E?PRy!tkXKLM-l5}V&!9Ps{h`nA! zNLF40A)jTrzCgKef!wn|-VY(O%i5MFlF;ds2^V9hcOjFk--4IS5zGA*xJakDB^16E z|A8b)@9VCwfE-Ir{-*nq6mFb5xPMOS%nS8p4lE{Q*onrWzKTxl!cbrBkKjeiGItgl z9-L8(9%n{w#mKK1wZe!cu)@p$j{^M5D0{C(JYJ5@p-9WcP^57(6n-CrJ_`=(kw-3} zP55*?Z%&dTJ)5sc(l7>KOP^GLGz6x)vCTq#ueTu_X`Bm%C(vUHB&=RfuVQs-cA@(& z1vmXG#o4;>s5>T}Ov_pykBU&s+l9z^^-+!Fls+u*VV z=oVOSE2i~uz}6;ys#iSf(IeC|x;yZ{)%qL481JK*g?0FY0vrR6JwRU`+Gt;|q1Eu~ z+?=iz*z7Ea(f_a$E)YkjqLNO#s-{)`z6Kc@gcQGg5Zgwxe^m;u`rV6y@waMk$R7&iVC5-h;? zhQE{uInKxlM&gevdbVOK^WUlXI~4yj%zrDIEOgU8aPu&?4!ktkfxd=!EoOS0`IVv# z&L`OXO$fPM_6gL48)qVoGgv_vJE-z3>n?P;T=Z4=g)3X%%Df`Fb|z#$A`30?P~@?M z+!W*J_%Xy?o&pZ9=itWX@Iwr;>>9_6-4t(Amc+~swrpq@Z=^gyBy|*OkJo2K1By}U-jQlY2CDW30137m`k}~jD z1#!cRkav78No$b%G5xK`-$CAs+<`rO9(fUrc^{(vFzq$lkKL9etd2bLkv8C8A+8$( zXTCQlc2ko2(IYt=IAIyM67ZdT7k>Np=I3cL@4=CLm(GD_{sfHV3-knhl<%cB_&mRf ziV!Ribk*1`=Arh2x6)zK=-}5{L^C7O9k2uW2JuD0DPI1 zGm{u{ff5L!WW{*FGJI2%Wpe`2!wY3E+GFZ7D;bO3vl@&w3A9|GSc-DL-K4&Sk~TY3 zo3+r6HU##fO`%tm;p7*07$r)0QVl1|SvJ#1P2dR#_TDc8so!}z?$M)aa$r-mo&t;zg*?26uxG8;>wv`V0*5Us)rs5b0t&Bik_C1e9b=}wvU zFbbnpw)QueHU5%*bsv-6^P!q)@)_+{qYR?G2@iGh^`@%Hh`K6!9I(NzH8xJk>s^rP z6r=W8b;X6XC;E*hwGXlLjKNBSsEQ&q2dn0rv>(5QY;-_0*o7U)*ZKKmkDXPYyx4iDO;)o* zJuqg7*7*&|s{%W(u8GzGU+*_0&v64Z*H;;0YInpSjMDsnATWkfvb#)RXs9wIyTb;} m4OR1(i(cKn8HhGWcxyx(s|>9*O4iT8xyCBZsakkNT=rksg0tuV diff --git a/integrated-security/web-overflow-client/_6/server.c b/integrated-security/web-overflow-client/_6/server.c index d18e9ab..ef77a41 100644 --- a/integrated-security/web-overflow-client/_6/server.c +++ b/integrated-security/web-overflow-client/_6/server.c @@ -106,11 +106,9 @@ int challenge(int argc, char **argv, char **envp) assert(bind(server_fd, (struct sockaddr *)&server_addr, sizeof(server_addr)) >= 0); assert(listen(server_fd, 10) >= 0); - if (getuid()) - { - assert(setresgid(65534, 65534, 65534) == 0); - assert(setresuid(65534, 65534, 65534) == 0); - } + assert(setresgid(65534, 65534, 65534) == 0); + assert(setresuid(65534, 65534, 65534) == 0); + assert(open("/flag", O_RDONLY) < 0); puts("Listening on port 80."); diff --git a/integrated-security/web-overflow-client/_7/server b/integrated-security/web-overflow-client/_7/server index 9a75fe2bf1d61a8de4f106620c40b0e3dc28521b..c0317d9ae97cc05880bcd7663ad3fa03a870dc9e 100755 GIT binary patch delta 3510 zcmZ`+4Nz3q6~1?Of!&pbU151|4X_J{Km+U|s|yt5Ek9wM(TX)>aH3UbVvJ3UP^HyY z3sy2y-;SPEg%1{#yK&BWSC)p2699g{%DOxMN;_>)1!zMgyUd$=*} zW!^pae&0Fgo;~-T_bwN^=}+}CCw)7{9SwA?a zH>kvknJ$T4%qfa^e9T2+Zmv@JU``qZo)7z|=sL_ZOwLC(|Ra$C&R*M>Rb_ z#Rn*CNN9m`3CkeKydZZPy|c8mE!b)y#6a%in6;^Dg-ezv8>}=-E-iT+wJU;U2~LN- zW(oF~6X8vKj+ql}KFu}(Sp$58>?K5%7}Nwdiv)?5L|bDF8V^;7RwBAF1~tPrM4v&l zB?h&^VMKq4Xh#g12!FRot|T6#=z3$=WVnZ{BZfT^!_J2ys|1DCMB7jdnhNU?U598S z22Fz=M7t3^8-vPl9MQKB9gjg5z!!*KwI+@f=H|y8v}c>I7ZY+_&Al=54f`v!5J&6r zh$Xx02)U7*c?aiB56oBU^O3WTCn)SpneS|IDpgV(98@}A zsknoM+I2GOomJIv=ekc+bqpP_r6&ZDhQyTvSb3qI7d9dtuAdEceTWu4U{A}*IwrKv z-F?s;1ThMarsewE#H9OcTI&R{1BojWSd5`?=M*l2%QwUC(jK9Q;bvNG!DiG7;gZ`> ztuxYAdS9ziFmGbWB>M4P*e5%oP4c8mnnm*0ET|QRrJ9FMVO24g!*{q#-+h-OkR*HQ z8dxU#=~~z!7tw0ymp3ZoW?@l_7NO3_PXAZabsA~(_u0&YiFiX0??ce#r!S3s-?hd- z{qVPk7PRMK5wjQ~U$Pi>2Ev_}F5S<+4Ot|ONPd;LiPeq7zi(mAe#-Z%^P0%n6=ayh z?ZP2O80)ax#O+>3J5J=!ZS@Ypyo}7}<+#t|AG0m!9LH#ICk{h6{YTkf-o(SVcb2rX zBU+BJjXf#ONgO{LRn9ob&!|cL6hj#Mu3!e)hW1pQfgfjNwhuAlX+i7}L==~e4xrz$ z|EPq#&ANA37kvUTObAd#ZUAO96E7lfxDq$i!<6uty+RIl}^%(x11J_jb1C*&#s(Jur9m+!}@1VSj^7Cm` zO~fBufQP3LW%F%SU4gOzOXw+-@1pER>Bkqs2Po@cUrt`p&n8vXi`Jwr!Op%!K74+S z7-o^Th1l2ODiwdkRa#I;vi@fv@^y4@UPN1H> zTHzXa@OWzmTI_aom=!)_pI_EIP*S`qYbrtEGgVdDsbg{ShI!!gLFg~uLOl>%oB|Pp z2|V7v!XFGCu=~bw&1s)RnMMj$p@mFoBP;sODsdX;kq%g0(%_0X6wT{>VI;|<5r#`7 z+6SjfytEP=i=D<4GJsN|W?au{bP^e*#8-D3C1Qux#XoTMYWF?e7yDiq&|3s(sYD65 zO1&;wyOilVtb&=24>qBW8Fr(NCr9D5O;Z{}Nr?k>PL#5Erm>eH%P+a~E1ssPU4~Lw z{*l$MdODkhDWrr&yU#Dt7I@iTP5%i0@c-VW?_rY}tln(xL5s3S=#HqhF@|6W;f8y(3FaMRs-&6@`1(yFcSGn2*1`FJ0jL zcp~{ew;cx>kd{xPj>8}m^8>cCn(bznu;oV|ZIiGB9Qa2(0%sM&S_W(iNG>0;Y(;hp zVQn+-F)+r`$9dlhCj#D*PNvCzo3^KVN&HD$SHIiy5=SqGA*)Ps9o77^>kVuCprRb) zp8vx8^Q?FMOZTtmj_VUL$ypg@<}@K_&1LmS$&Mi)f*{23%eDs<50YCdkDW)tfj#yqJvt&4Qh2*3AYumRWHM- z1XvtgYVl~b>Vei^V6JjI@KerOGmHk?=@BTe@jCR{ir{9j)(g84)$`VvBG6hGt?^p) z_eUR0*EG-yD6jQe^wV1jt+fHmfL0R&FpRUge|%uNHULl6*`ch?XVI$xW2+0yy=&~+ e7EQruor+aBS|6||B%fR6P delta 3508 zcmZ`+eQZ=X?}LqAd(UK`SMwrG-);9f>F_ zQOZbG+>jObh>BL-6e?9M)7plGKf0*20Zj$8iGq{?MI8hQT4#I(3R@_lZ@>HAbMR8_ zN113KLD2jGc>5|G?=Qr`ecmT>N~IBc7>`;^gL` zNYJW}lA5{nF^5VM-9mlL<|%r|&@Qt+ET$b?a?1uwHc*)k@UPtde4XRZ*M0pIGp(Nd z{~|IYA~TcI{IqAa`j^9Rcw1lH`oz1-pKScL?n2L@ZrX01=F36Q(d<}|y~7Xf#8mz_qCdI8Gew>b2 zLo@{XWwVF+ta48^Zc`E@cFCK$Ah*0n0Qaf(Qml5$aY(cX)^#aXCp`x1c359dv8GdtL-J*$WV9;<&7_Zj z8V5w<>`Or>&_59|-I<>8VT#p58BU4j!un~7HJj$a`Xa2yQ>-#=g!Nrm&!t!=((hsY zJFJNmtH0;8^S%zRrilZVxW`QC0W!47s1>VPJb_GM1TJ z!`SzkfgdpL95ZeoGj5@1R>0ektFY*?BSQh9j%|Tby}zJWvN}8uW?+)$tomr|O5)e5 zs(xv`I)f&9DyOV`psKOjk)16gYIAP1Gh^F$#(Hx=j&_zeqY9&)^L|5HJyV03AnqL2 zNo9f*)JY+ow1N(M!ZWU7BYN|6;5(=0y%>0+49?Mx`g75a+JR{7O9Xw6{N8uwoCha% zERj2+svYf5T~yUxL>5yY(SbAogKa3YXy@Jrz#X+C(bySytfC=re%@}Kb@cvN_bobb zfWp}Y;d*_r{U@xsI`9mD!AmAg($PMINih9v>dbzWw@`m}_4Hb>qL^|cXzhK?We-`! zI`Sz}W{C^;X^rfqdMW7t52{OeWd6kCl7r$>)uaOk;ouKi$l`|~iEcS#{ParSo$nSLI6M8x)(Ap?~4Lb0Y4jjj{i4PGs@eBl3U{mjpDr27u z@r4kHU+Q)-WwG$zto!?Q|M!LeI#9;CSsuFG1E;qU*QPkqS8&@R)whIS2{`C~Ec)+L zG!XEefhATu+)+D>B@Bq8s`WDOP-`H--=IGPvh6E`SBG_t7-Y}U2K9+($74fUS)7F9 z*OUn46_{~BN0!&c&P3|#Vs|6UBC(PBXlLOF%6jRd=?|hiuh|n9sVH|1UqyRz8>!Fa z`g8EINm{giOVip->o+|g+`K8+xcOI2!P&*Qs%TPv;Y!PORs9nd;Lr_K?T21Aq^fPu zZP5Fm=iE}&YtS=pt73W=knb7<0sp=x=C-IfmLH9%NhOR+n_d_qE{rQg+9>1xo zA$YSIn@il*#rRx?4a=^zDUdbzEWW0y-E=oU-**oAbiqH_{OE{$9;K2gxvL~(Gv9(? z?ReL3P1PA`=5kBA&CUetulSVXu!Y30_b5KqEN~g7%lOowkiHPnlQ_CTe8kWAcl6Pe ze6G;xDGPn;P>#tQ1uSxJ1E-;+Z5E+DQD|il$Iy(Gw<@on9{r@RO8Rl0^f~ zWn3nA=%TsLt>D>EK(68eguYcQX$-H~!CbVY#A|lKUFdPF3wojNlv~k)rV2C5WQ}yN zMB;69q9nxq7~-GzHZ}jmy9KDcN1a_5HFKB zmZB`=a~UtNBxj?+SxjrdVYCe#mak}V@^`)$BhK8I@kp7-<`$%j^1_lY`JU705cjo? z2d8)m(B!)=iRNLiI1}0K2ur+y-VQI|f1|I%pZJp7b<3bez?@)mu{PRY{s=eIrE-Z+ z)MTM1t2DVvNZ$jTtjQ*_djLx>ly@Nf6&cI|}2KAB1?Bwj-C3dvVvaKsxy zw6&TPbqJJi)?~Yo)K?*|d0VjYO}dPIOrG_xj7*b{cdd32=^*$n9O~qo(Fo2C8?%Zh ziD=>~744`t-&su#3hBFV%s6)K%;c_=d=hF}e8YuaMf2Bc9KAe&@>z6gwlwZ>EkZgH zQD{Av`D+~6D(RI#Urh#KzCKh zovg7_#zPyG2WxUQ8;t{#Me(YTBY9Pz@~Rf%%(<&Wj^sJ^Q(bk1W0z4KyC{ay=>Hx% zfl;!$T;!;!a3rfkrn;Jn(aXhdY~L`&YgF7C@!AT|NUx28@ AzyJUM diff --git a/integrated-security/web-overflow-client/_7/server.c b/integrated-security/web-overflow-client/_7/server.c index 271ca17..72a6e6e 100644 --- a/integrated-security/web-overflow-client/_7/server.c +++ b/integrated-security/web-overflow-client/_7/server.c @@ -106,11 +106,9 @@ int challenge(int argc, char **argv, char **envp) assert(bind(server_fd, (struct sockaddr *)&server_addr, sizeof(server_addr)) >= 0); assert(listen(server_fd, 10) >= 0); - if (getuid()) - { - assert(setresgid(65534, 65534, 65534) == 0); - assert(setresuid(65534, 65534, 65534) == 0); - } + assert(setresgid(65534, 65534, 65534) == 0); + assert(setresuid(65534, 65534, 65534) == 0); + assert(open("/flag", O_RDONLY) < 0); puts("Listening on port 80."); diff --git a/integrated-security/web-overflow-client/_8/server b/integrated-security/web-overflow-client/_8/server index 2d4ad258f99f720c72b744d52bd4aa0421dbd1a1..9c790988dbe05ebed6f8f19b2c87db1debc30801 100755 GIT binary patch delta 3509 zcmZ`+4Nz3q6~1?upWT(8U0HZwsa915hEW2nls1{zXmJJGahLsQL=jEUGu+O;wK_>-byU(dbwJ=mD^ zGVh*yzwexL&z^hFdzZ0JdZLqd%eDf zcgF=NY>jV%H{(}Al4())GySeD== zu+JpHUQ+_RgwJtPLZV-@jYrl1?;?8vQ6&nEfkd+e3Fd^v4N+(ulq0$V(fTOV1UnIZ z4AG`2)B?{V`V&OkqR<5Ri&=6c@fbzd9mOWY9b|1$?9nK8A$TnkH)F!7wLT5$@7iSJ;C`3*D2K+cBY){X} zAJ~#o6YBUN@@-XBUyWUm56kUkS&!UN)sCv!gZpOH7H6m{@omi0U^*&?x|Tk@fQj;- z!L#;zTuxLxI3tvRDY=BwdZDxj-nEx}{)>!o3nE?+O(-J8XdDXHjD^BgcF$)B=t!wIQk@ntM3=JDh$?$JN*@$Zl% z`{*uMDVNYz*d=@ER_K-M6{1;Gphc*Ccz4Msvo&GjY5ZX3?mV0q#On}rl+b7Uzv;No zKsUjk7BAXgjWx_-82*^WusaZLzi?qb{a$2|G$Q#)!Y+t^-@uf8pKn$Bgh-iLbJ!>x zVuaBSJ7c)RQ)tJD+_|0JC72_~d{~CtJpLZrf%b8X1~*~|!b`s6{`fkcy?wJ}KRcnD zaiPJ7#4(BGN27cxF4UG7@Ao|#Lc9l=UchfWWkK!9?@KHhR6@&?)$S=|D;D1#@ zUSZwuSQpub80Ld5bcC7h6lPVzYyyLgG=GL!`n=hL%`q?vM=RXBDdo1|Izq$UyyubbjU^j9=I24flS?AuuF!TZ;AycMij({UrX zDcCVv6YBC_NBF+Ad3Qnwub3ilK!&q{dZEqPbjlTDbow58tl?qO*tGre+)O^s%y+Hd z`sK>?Us}64&$R-mCmmd#+|7TyqN>O72W^{B)pIDXPpax6lvz`%dKl$9D6gRW^R%ia z;4e1g;mJo?dQ(-`qRhbx+JW)~l$|K;_&zv?G7EY=Io=)U&4<>cGTzEQM1Fh@A% zEercfe5@G7QMlppl>Oi%RqaN5y|K?Ii|3zc#XfqZD#`kUp&~KP5J`x~+F|?)_?(7~ zStQ;ia_LUYl#9NpS=Pxr+>7Y6h;476CH1RTXa zhpgSnbRAa0OveumsAGaw)KNSNrxP`$L6nr(FshMa7SA;HGPp}5hknD;6t%mMo#h`{ z{idh0ZcHI1EZPGl5^aJbC9CLZc)R3R4t+QIF+=qrYA!TbNe}cc&7pB{X{kgVyf5JW z8rDNwX-s0KA(^ykyPpE?Wlr?Vw7X+oJO&H#xA!a&I6t1q zyv}XMfd-^Clc-}e$i#G)?W|_I-63rG(MQ`PECCz-5tqPY5MwPJ8Um8Tk1Sh}T|!vf z&U*}uv2+XXn_(p2D{N<)?6+xqs+YuXwRQEYJuh+e@;tapCC4$%KfB$q#t$mWKJNJs zyg$!+$G>#{dhWPBA(NanV%RLsoK%J5E481I2q$rsOq{Wt=yzJplq?5ZnM4bi4&;`} z{k3J2w13MNhK#H}`sG#il#W8H;(zj%p{s%uW!#)52 delta 3506 zcmZ`+4Qy1$5#GIb=lijZ-@|u)?-~1i#x_3%`}}ionAq^nKjkcu*3_6n8xkWRfe^q1 zTY&>K%#`8G#Clmb0KgLQruwjI=k;Z zxH{@eH?uR}%0ebNOJ*Y_S*&1QPpoCnE&;GebOy@cxrpGUpx#L-e6bFe0 zBbvjIEKWp2rpVIRwA7GEt!7M2E((TN4*RGqDW;WTq6!?LXQY}U!=|Rl@U4NE?WyVi zFCsA`5&=BIlipK*NPazEuAYBy?Y;JM1<&vNMr3Fg>=tIJ`55$Jb|gT)O+~_VemE{{ zqGNDHkU_I6pg0s*Y2N_@b#^#!pG)88$XUDcibHWs!3Y63YRiT;M>)L(aYvB82PYgs zNTT^w!3)CG9x%qXMz!&204NYQ%Wan$Zc?T!>}2JCUmYGz7C-%UZY;8%#6 z1;TA!OF^f?-!Wo_CnK{zMeBu3j|?@aJ(i-)fm+l)huZg2v5@S*7YF_z?ME?0BHz}bzz%DdtYrsxTkR<8oPiVt0CztDm-9VoxDHUeY*i1 zfly9KsMQd5f5EE80M;TfcEyH^^mHe25nO%&^yYk-9)|Nd^|RNbRTP)pjAq@#omG#l znhoR_rc4qa-G?=b4_f8GG}-jX`ho|AgL3_})7X71;?d7|#PUZG2jQk1q%GiALUa|h zD5Z2U>{HsbQJ3LSj~>zP;f~P%?$!vx81HZ6llS4b2JjXXsv-K);0m?HMnmw6X}No6 zVzaXxhX2iS=m__8fB4~}?axFM!B0MA0aJmycnctK34yVf_)&G=G`4IE5f*T(5fC#> z^?T0F{eEHvob~XeTMQ(I$n|PG=FyMX33QKQHh2(+VN>3&!hhVw+S@Zh_Oc39F}IDkr0X$&<30yVNk6{yQk>Cbw8Two& zxf4bDf{ z{AUpL`_&7mi8YS*G>+pA`dOj!S=L?H>-W>|!;k$ru9eKI$FYV9ISaYanuzv1p5#q2 zf{q_R!e3Y-;Po6?(GE#q8d)BRO|(XPODC|YTb9m#5Z!;nmADLL1#9SPI9SjQ z!#43Z0lOeC-MGDD{g#beo(XK-5@_H0d`DnGc^M(_SW)S!t2cE0m$(5xxT)*sk%yAH z-i3S}^4E~(-q!US$kXrWdIo;eCM<%v$anll*Owv><5${%{7vKskQZZLpGO{o6Gbyi z`)}!b5WPu*Q)G8_Iez|#I@~`#ijg+pryR2w0AF!Y^|6n2y$}7Zk%tqO&kW4xHd8iE z5nr^`XQtT_8BXj0hW`{l_h4IbL9GvKEy#YmEh}M$z|0g>UByo^_R%{mx`pF3fFJfF zehU6tTtowKyLgEj#cs56WH8IU3vIN)WhK9N;>IdcvsYsXSz+=3sHH)v3-4(**v-!e ztST*_BJ3;;(g8Sv^L#jscCN)5hq31PXa{#$fz;>HxWs;J+0dZ6?5j4>1uvKR=?D~7 zWW%UuIaNRkUKWNW4Id39AeN6}=-cHox9|yWBEqr?pWs1v#?wh3@+In7N#j9Ni9oVQ zI~=W$X&0QX2+|smDt$sW=|?V80uhva7%x(Z@0iLQK_)KPR{4TDU_R}vSnO`MVXRT0 zRWk0OS`}19^ZjMnY&LD0VGY_4*oiiQB8|h=ulx{7lt`o;PE@gMZX*?;FeIziYmS>E zxz8tFtm0*eTCX|_EyS~;gk`%gB-1uH6k1IG3?GDkty;&$YYELGXgSp;k}h~--b^aM zm3cDF<+PO3I!;$Jsy@KVnr_1#GY>i2Ty7h;>EiT|0)EGFWD60(hNIpjD)>!nSZxx=y`>semYcyWm*C8u&g$i zHtdDK#(GW(S&*ILF>ojf2(x$rlrz*=T%jON1J@&RRm|WCGX#$pML1`dO z;~@v|M~01jh@*DIsc~tG`Y_vl>vKKp0 zstZb1kDZka3_B0C)^4_&1(OZ&x}e*-DzNkFme7SD)d$^H9oIlpec0V^c1J(NP= 0); assert(listen(server_fd, 10) >= 0); - if (getuid()) - { - assert(setresgid(65534, 65534, 65534) == 0); - assert(setresuid(65534, 65534, 65534) == 0); - } + assert(setresgid(65534, 65534, 65534) == 0); + assert(setresuid(65534, 65534, 65534) == 0); + assert(open("/flag", O_RDONLY) < 0); puts("Listening on port 80."); diff --git a/integrated-security/web-overflow-client/_9/server b/integrated-security/web-overflow-client/_9/server index 36794bb15added4b01f550666f720615f7fd8135..a4cefefb1a35fb30fd78d5cd867b855405cf05cb 100755 GIT binary patch delta 3414 zcmZ`+eNa@_6~A|vh252pT^D$76?T`e3MsIBtS(THT|VO4!JtjZkj7M;iTS7@LX}oq zEm*VZ>?~x62NRRl8R#Fab}WT3ZG=XP%?vgf(>NK;kW>Xa%@i9V5R8M0eLeTy_i#1s zW%izXf4_6iJ@4Fm-n)!<(t%FeEn7F+e1tX86Eg5>&Tq`)W{#0@^Q)icoB9&OtPiZz z?JqHinI?%v%qfa!{2BAa+*sk`gJr1~cs3lQlGUYZxl}C|oS+|CJsCpBlOb$95YlZ+ z|9>7AbwYbl2WI{E60d|VR=u+@Id-J#wTZFjSB~wR`n(eM>$B}CsHR0nh>LVk3t?C) zoYwE8|9~mI1imO4TB7zsfk8fOkRgD-#weM-$4D9j+YKA&G*=u&#uY8YoI$34;Oxjy zTC|tKwwM<9C}usx8&_q`qj#2;wpGuY2+@%{IA(3G(#IvsQygqEN_I7Q9JTla%MzRd z2aFQzH^#y#{GBw$#uccxG05uR3bL0G^+ljj5NDDg))X7JIRcG_3Pj5hZHhpR(2VE{ zh_*zaW;llEFA?pCKx5$plVp$QF^aA`f=z(C$XX-V-UxOj369%1Z+Kw7Nt+K{us%&;k8NdAi_=E}=gtx?&K+|2h?4XJ_=PQ;n3{_Z z*k)@8gg%@8v7#trh84L`mROqk{9Q!})h-=6u%xs(16^^0n5U6cR1S2lJ+gv{ieJI& ziQjNJQSs2CP}<3qTtcZ{DD8zSiJos}Fd|J5F@k78F(V{RV@;}W^oe+r0UgYu&9{F!Q0$p!99=1AzpUV z0IZii^by!C=TQ&z$xXgXMqyEn7J=aC9?$*RdKYQ*_u1ludHAg$&V%3Xp|219(Eg~7 z=D_=_SGA{L4YL?VZ?YKnc*DWVm+z%thb)qMB=0A#VR0kz@2@arKj&K&ye?996&dDm zmvD#?Mmp?_;&yML9VfDvcY3#A-azK_Qrzart852?lNb$d#9;`h{3QM64Lo}XmPk80 zp@kUR$TQ-Y82HhsFdHB{wJPyb3}NK^g6U`b*;R24ewylNKhB7qg4i#JNnCdNIQkv= zk3z^9*8Q1v(@!IY31KU>GP7o3Rx8ZLm|5%pFiX8>R>sU;6lU?vY*Sao+sv*EbzW!=GY_dmWd^s&ETW9TdY zWB$-mL!c|~2Evcl<=hP%nlVm)2oC3Vng<=umbYA&bx!v)FKmC7>}uKZVs<(or{}ur zw|%Fk{*k&Ta$M!`NqQW;|Z1$70ih_ybEff11{FUIk zz3@RshJD}*Md?Nht+6jBiy$6MnNHor96Xfi(A~WO-_CRxVzGc`p*d5c6A;YIpe1l3 za|3OH`Ao^sh)K2$S+o8gV=YMZac}EXNx+)tw)Ws#mo+=@@gf0R@|;wL);u>o3Vk?E zhO?+=sq}FTJQ=(-0?l_?JB&U)W1mOXTu_)_pEeic<1*gvoeL}llep%5fkc^x4a>wt=G2iHeWw*B=~s{r*iyK`K5F$bm-jV2 zNg$hHuu!5s@Lr)C-$K@+B)yIFqLio+*GtkT5gDb#S5MMQ!~(5FKeBhL_c6^Kd!Osj z+bGati4w3EyX~@iY0`99i7}l5*p50z*vE7-e4LI`l}1ofVkOydwwT2;kG%|O9?7m< z!Bj={vXaR1kF0hT)7UgT3Y4&D4|*ip0&jRK>D%y$=l6DPH`(QfH9u;u)LBRm^sQY( zqhV^TMD4uK=lw?3Lq|zeT)HlSbf~*;gS2%{^vkq=#``|5*Sjt%&q8FpsQS2ft@{fe zgO&K~Jt+d8RgdaM@~Kf8Xg z#t$mWe(w2Q-d|$9{a>1YEq7d>kXg>^F>Ds+nj{~`*Q<{a2ZOjuI?h;5v`eRIO3J`m zD$#tV1KFkWP-E#V9eVOxr}eBphUCg7N-w}ZpWAvgTDU!mpA*)SVHnYVwcz^IIxL4< zKDSvb!?_qJ@~<|?UcAK=*>w(s4uc=q9iC!4Q+44UoFkkJ3=V~laQd3~kssUrG k@h-n>Eb11`!ElX&RXAMhHTg=#>W{;%S}%PK3LjqcU+1Q}a{vGU delta 3391 zcmZ`+eNa@_6~A{sV0Q)C$L{jpLs*ut1f#HgEUsA5w|tbPLsE_6;8Y__zKF((iA<8J zqgI%>0*RY5=|rc=kY>`vPCJFtOf!rh;2$weJ49zJ8plR#Yq~_##b}2H^!42P-r|-_ z?+oYMbAIP*@4e@~OJ6s=)J=~_LYqS&Y-p5_OX0;I+3X9rj@TE3FBe(EDVh`pfqDay zS(9R%*fp6VOJLJNO(vC!Hqp7=sENgJfQo{oTS+=9!EyS9;LO!*oVl8>6GDb9IsY#r z(IXNg*o;p(Pko*GNlVyX{(N;uVRZMQ^-pg6(+9A}SRiL&(7Eb}hwP_z!gOvpY1~F9 z;F?hc#Uz1bmY~V>D)d#E;DTu>y~vSsCh0A+WL}67JkW1&K(o1+-iEN*OFxHUvlpUh z{!gP5hRo7{C&5FF&p*2hRwnL({=`feN;JV}q6eahQvNjNWQ*0F{(_Yd12M3oa70%t zoU_$i2!$3=7PzbtyQ1(3TlP%YY!Q>)8o;Rs4xpw$kC2Eu1N2x#IAKXjULL14!AaCk zqBa<(O@N!I&9EjVH^pf!kZBd60ky4hS{po$+C8X!HBOrZd#$3J99PkyI5Y)*hp2u) zxXn9pXe#^-BPQ9Bl0S~qIw9F6!b;SB8mCQzO4PoH+Rx*(5^P89FHw6bPMZ$zqV_MS zjl^j)2F}}NOmEq9EZ-Cna!1X-G4PoE7)@%Gv9LQ6YagiUk%6f24D})Q_EJJpvT6wV zHpTrN%02Vs&Ux})2s+%Z<}8H-&kjf3jGcWMnd*8Hc00P9_m^Ojc1L3{bUpGjRaHMT z-&g|a&WgN^_f<7iJ9}{NtlFLx>`C6akdVPlG!FKZw__Iudn$hpuQ(s^q@dx!Y0YQ} zGxBIgUd^ZpPC9){{(&1Yn5_Z-vT^SBDcDsz9t?ekL7#&R*Rd6s(I#{@ zk~OQUU7ee*s_Gy{W~qlYAOV4i4s5ev&)dxich$}YLu2T%8KSP->~78K%*=fEmo?xx z_|o!yjhe9MdsZto;AsRVt{E^%S7#KHVEX0IllDXU5?n~DUc3UWf|znUnspAfmp!z~ z*N{)KWD@ym23jN+G>V=@lh|F%BjtM@V{k;QUi6-h_kYJD7C(%52yTg9S^#dzM~h&c zR7jn0Kx$S#v1k#i(IeP7w9EIutMviGnD4LC^Vi|92AqIw*+*X=*dVVnP%HdqQTo1F zY-d*E(7#y?yZl|9SFSu<{=XxN;J5c!z<6Lp11=*l@jBnC&Rg1&ozesD&;nwG@qRCw zc)(x90v62e^g0a*A#$Svw|V?4wga8xSPgE(ORz0tch1*$@$BuLCHvS3ox((e&uPcx zI@`6L%5O|y$*gi7W5`wwc|$`!f~PXw`&t>WO#?P*z!0X5e2j4;Pb0w<`03ySm5@`6 zoMt5Q6HU)j7BK%Entz7o|1R@yMU(k%riX4*XfxP`wHC1`{5U$gm# z5OllcG1P==r@LyWaoOGMr1DwHUD)S#(>LKgcbcV%d3Bjvn2@%D3yqOr*W*#%6{G0* zB}ClW`9{2-0~_i?V}Zu{(7nL=Kxnox*i$%*UA?Yh@%`YzNlWA^6lJy0&2S{E4TcQ% zKX|Sf;6YA0q~$)gG3lnN{uY1iiCe0A0r{q=s&*jnM*a@+swq{SL|%4BRg>^n?Zh2l zioEwfs@i~j3zpxC{0j1JWZ;BV@B}Q*%Q9q5!H@FXhRS=eHP3Bsz(ao;dh$g4CVrTgOM@_yS4Z1G z$QRA6*e;HNlKhK_FmB5b);JX&af8l1AQyUt4!ktkVAn7ou(2?U+TpcAFYSZlIM0L; zw6m;MIE?$xM;lm+vV>lX!X@_QV?%+8q8}UV7C2nwrlXKu;=t7FsRV-es&PnA@C%*~ z_Tq62Jyk4n3zyMK?69`PWwfC?;|oYH@;dpPpzxsa#7I&|8}yfmv;#&;ym&zfr7oj` z>_;wA0s)j<7%xzYkBZVXqev{Uv-B0YPk(2{VzGp(>RV0!3}5_9Z zIR;!YeUlw}jGf%3gVSFy3cbtl6;K#5+Q}#k z`K6Yl%o=}5ufC75?)gHmH1>}6>QVa9-j0Vl_I%UT~=kC>6J<1K+6a zFFd0tbq)1Z)muu7N{h+|ihgj)I1pXcOlbtxDqf*4LE$0$__Ln9KEtRTP1LlbddsbX z^NQDI*ZUAV&lXr_Rdi8-`hb6~Nqg~g$VMB41N*Q8g(|NQ>#=kCn-@C|wXxM~(+`XT z!c|^t?5e=dtE!`^AXIy;v2*N%`f9&*f3Cta?1vCabN_= 0); assert(listen(server_fd, 10) >= 0); - if (getuid()) - { - assert(setresgid(65534, 65534, 65534) == 0); - assert(setresuid(65534, 65534, 65534) == 0); - } + assert(setresgid(65534, 65534, 65534) == 0); + assert(setresuid(65534, 65534, 65534) == 0); + assert(open("/flag", O_RDONLY) < 0); puts("Listening on port 80.");