semple code accept never executed

fakessh

hello guru

This is a simple code standard I think is well written
https://raw.github.com/fakessh/openprojectssl/master/backdoorstuff.c

I wonder why accept is never reached

possible explanations are welcome

smile
--
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC2626742
gpg --keyserver pgp.mit.edu --recv-key C2626742

http://about.me/fakessh
http://urlshort.eu fakessh @
http://gplus.to/sshfake
http://gplus.to/sshswilting
http://gplus.to/john.swilting
https://lists.fakessh.eu/mailman/
This list is moderated by me, but all applications will be accepted
provided they receive a note of presentation
 
Keith Thompson

fakessh said:
This is a simple code standard I think is well written
https://raw.github.com/fakessh/openprojectssl/master/backdoorstuff.c

I wonder why accept is never reached
[...]

The code depends heavily on features that are specific to POSIX and
Linux (and not defined by the C standard). comp.unix.programmer is
a better place to ask about it.

(If you post there, you might want to explain the fact that your
code looks very much like malware. I *hope* that nobody will help
you write a Trojan horse program.)
 
Kaz Kylheku

fakessh said:
This is a simple code standard I think is well written
https://raw.github.com/fakessh/openprojectssl/master/backdoorstuff.c

I wonder why accept is never reached
[...]

The code depends heavily on features that are specific to POSIX and
Linux (and not defined by the C standard). comp.unix.programmer is
a better place to ask about it.

Go stuff it. The ultra-narrowly-topical comp.lang.c you're trying to defend
here already just about ceased to exist before you even showed up here.
 
Kaz Kylheku

hello guru

This is a simple code standard I think is well written
https://raw.github.com/fakessh/openprojectssl/master/backdoorstuff.c

I wonder why accept is never reached

possible explanations are welcome

Do you mean that accept is not reached, or that it does not return? There are
a few ways in which the program can fail to reach the accept call, but all
those paths print something and terminate the program.

How are you testing the program? Are you trying to reach it via telnet from
outside the machine? In that case, do the firewall rules on that machine allow
that access? (Your backdoor has no hope of being useful if you don't poke
a hole in the machine's firewall to open that port for incoming access.)

The strncpy call is bad. If argv[1] is 40 characters or more, then
the pass array will not contain a null terminated string.

This is a silly way of defining types that was used before C had typedef:

#define SA struct sockaddr /* leaner meaner code */

For example, ancient versions of the I/O library (I'm talking 1979 UNIX)
had "#define FILE struct _iobuf" or something like that.
This is why the FILE type is upper case: it used to be a macro.

You have a problem here. Well, not really, but it's a conceptual problem:

my_addr.sin_family = AF_INET;
my_addr.sin_port = htons(PORT);
my_addr.sin_addr.s_addr = INADDR_ANY;

Like sin_port, the s_addr field is also in network byte order, whereas the
INADDR macros are arithmetic addresses. So to be strictly correct you need:

my_addr.sin_addr.s_addr = htonl(INADDR_ANY);

What saves you here is the fact that INADDR_ANY is zero. But if you ever
edit the code to, say, INADDR_LOOPBACK, it will bite you.

(Yes, even a backdoor has a sensible use case in which it just listens
on the loopback network: like when the attacker has an unprivileged local
account on that machine already.)
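
Added example, not part of the thread or of the linked program: a small C program that reproduces the two points made in the post above, the `strncpy` call that leaves a 40-byte buffer unterminated and the byte order of `s_addr`. The buffer size `PASS_LEN` is assumed from the "40 characters" in the post, and the helper names are hypothetical.

```c
/* Added illustration; helper names and PASS_LEN are assumptions. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

#define PASS_LEN 40  /* assumed size of the pass array */

/* The criticised pattern: returns 1 if the buffer ends up NUL-terminated. */
int strncpy_terminates(const char *src)
{
    char pass[PASS_LEN];
    memset(pass, 'X', sizeof pass);        /* make a missing NUL visible */
    strncpy(pass, src, sizeof pass);
    return memchr(pass, '\0', sizeof pass) != NULL;
}

/* Always terminates dst; returns 0 on success, -1 if src did not fit. */
int copy_checked(char *dst, size_t dstlen, const char *src)
{
    int n = snprintf(dst, dstlen, "%s", src);
    return (n < 0 || (size_t)n >= dstlen) ? -1 : 0;
}

/* Render an s_addr value as the network stack will interpret it. */
const char *addr_text(in_addr_t s_addr, char *buf, size_t len)
{
    struct in_addr a;
    a.s_addr = s_addr;
    return inet_ntop(AF_INET, &a, buf, (socklen_t)len);
}

int main(void)
{
    char long_arg[41], pass[PASS_LEN], buf[INET_ADDRSTRLEN];
    memset(long_arg, 'a', 40);             /* constructed 40-character input */
    long_arg[40] = '\0';
    printf("strncpy terminated: %d\n", strncpy_terminates(long_arg));
    printf("checked copy:       %d\n", copy_checked(pass, sizeof pass, long_arg));
    printf("htonl(LOOPBACK):    %s\n", addr_text(htonl(INADDR_LOOPBACK), buf, sizeof buf));
    printf("LOOPBACK, no htonl: %s\n", addr_text(INADDR_LOOPBACK, buf, sizeof buf));
    return 0;
}
```

On a little-endian host the last line shows a different address from the one intended, which is the failure the post warns about.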
 
fakessh

On 14/09/2012 23:55, Kaz Kylheku wrote:
hello guru

This is a simple code standard I think is well written
https://raw.github.com/fakessh/openprojectssl/master/backdoorstuff.c


I wonder why accept is never reached

possible explanations are welcome

Do you mean that accept is not reached, or that it does not return?
There are a few ways in which the program can fail to reach the
accept call, but all those paths print something and terminate the
program.

How are you testing the program? Are you trying to reach it via
telnet from outside the machine? In that case, do the firewall
rules on that machine allow that access? (Your backdoor has no hope
of being useful if you don't poke a hole in the machine's firewall
to open that port for incoming access.)

The strncpy call is bad. If argv[1] is 40 characters or more, then
the pass array will not contain a null terminated string.

This is a silly way of defining types that was used before C had
typedef:

#define SA struct sockaddr /* leaner meaner code */

For example, ancient versions of the I/O library (I'm talking 1979
UNIX) had "#define FILE struct _iobuf" or something like that. This
is why the FILE type is upper case: it used to be a macro.

You have a problem here. Well, not really, but it's a conceptual
problem:

my_addr.sin_family = AF_INET;
my_addr.sin_port = htons(PORT);
my_addr.sin_addr.s_addr = INADDR_ANY;

Like sin_port, the s_addr field is also in network byte order,
whereas the INADDR macros are arithmetic addresses. So to be
strictly correct you need:

my_addr.sin_addr.s_addr = htonl(INADDR_ANY);

What saves you here is the fact that INADDR_ANY is zero. But if you
ever edit the code to, say, INADDR_LOOPBACK, it will bite you.

(Yes, even a backdoor has a sensible use case in which it just
listens on the loopback network: like when the attacker has an
unprivileged local account on that machine already.)

I thank you for the explanation of the standard theory and I thank you
for getting better

regarding the execution ddd with the control Error accept never
reaches the execution hangs on accepted even by creating a loop in ddd
event through calls to the kernel syscall

better and welcome
 
Kaz Kylheku

regarding the execution ddd with the control Error accept never
reaches the execution hangs on accepted even by creating a loop in ddd
event through calls to the kernel syscall

Well, it's supposed to block in accept. The function accept does not return
until a connection request arrives on that port and produces a new socket.
Until that happens, the program is suspended indefinitely.

Did you make a connection request to that port with some utility, like
telnet?
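
Added example, not part of the thread or of the linked program: the blocking behaviour described above, shown on a loopback-only listener with a kernel-chosen port. `poll` reports that `accept` would block until a client in the same process connects; the function names are hypothetical.

```c
/* Added illustration, not code from the thread. Loopback only. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <poll.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Open a listening TCP socket on 127.0.0.1; fills *addr with the bound port. */
int listen_loopback(struct sockaddr_in *addr)
{
    socklen_t len = sizeof *addr;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    memset(addr, 0, sizeof *addr);
    addr->sin_family = AF_INET;
    addr->sin_port = htons(0);                      /* 0: any free port */
    addr->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(fd, (struct sockaddr *)addr, sizeof *addr) < 0 || listen(fd, 1) < 0 ||
        getsockname(fd, (struct sockaddr *)addr, &len) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* 1 if accept() would return at once, 0 if it would block, -1 on error. */
int accept_ready(int lfd, int timeout_ms)
{
    struct pollfd p = { .fd = lfd, .events = POLLIN };
    int r = poll(&p, 1, timeout_ms);
    return r < 0 ? -1 : (r > 0 && (p.revents & POLLIN) != 0);
}

/* 1 if accept() was not ready before a client connected and ready after. */
int accept_waits_for_client(void)
{
    struct sockaddr_in addr;
    int before, after, afd = -1, cfd, lfd = listen_loopback(&addr);
    if (lfd < 0) return -1;
    before = accept_ready(lfd, 100);                /* no client yet */
    cfd = socket(AF_INET, SOCK_STREAM, 0);
    after = (cfd >= 0 && connect(cfd, (struct sockaddr *)&addr, sizeof addr) == 0)
                ? accept_ready(lfd, 1000) : -1;     /* connection now queued */
    if (after == 1) afd = accept(lfd, NULL, NULL);  /* returns immediately */
    if (afd >= 0) close(afd);
    if (cfd >= 0) close(cfd);
    close(lfd);
    return before == 0 && after == 1 && afd >= 0;
}
```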
 
Joe Pfeiffer

Kaz Kylheku said:
Go stuff it. The ultra-narrowly-topical comp.lang.c you're trying to defend
here already just about ceased to exist before you even showed up here.

The amusing thing is that Keith did nothing but provide helpful advice.
 
Kaz Kylheku

"comp.unix.programmer is a better place to ask about it."

Have your reading comprehension scores sagged lately, or
were they always this bad?

Oh goodie! Your-reading-comprehension-sucks flames. Yawners ...

Though I understand what the words mean, and don't disagree that the
most optimal place for that question is that newsgroup, I do not recognize
the above as having the semantics of help.

It is merely topic policing in disguise.
 
