Institute of Computer Science
  1. Courses
  2. 2019/20 spring
  3. Secure Programming Techniques (MTAT.07.015)
ET
Log in

Secure Programming Techniques 2019/20 spring

  • HomePage
  • Lectures
  • Links
  • Homeworks

Homework 3 - deadline May 19th

Find all potential vulnerabilities in this script: 

#!/bin/sh
# process the files with name pattern matching regular expression
# with downloaded "extract-info" (whatever that is) and then remove them

curl -s http://www.example2.com/extractor-installer | sudo bash

echo -n "Enter directories: "
read dirs

echo -n "Enter filename regular expression: "
read pattern

find $dirs > /tmp/result

cmd='extract-info `grep '$pattern' /tmp/result`'
echo "Running command $cmd"
eval $cmd

cmd='rm `grep '$pattern' /tmp/result`'
echo "Running command $cmd"
eval $cmd

rm /tmp/result

Please submit the homework below (log in to courses.cs.ut.ee environment with your ut.ee account), plain text is sufficient but PDF is also OK:

3. HW3
Solutions for this task can no longer be submitted.
  • Institute of Computer Science
  • Faculty of Science and Technology
  • University of Tartu
In case of technical problems or questions write to:

Contact the course organizers with the organizational and course content questions.
The proprietary copyrights of educational materials belong to the University of Tartu. The use of educational materials is permitted for the purposes and under the conditions provided for in the copyright law for the free use of a work. When using educational materials, the user is obligated to give credit to the author of the educational materials.
The use of educational materials for other purposes is allowed only with the prior written consent of the University of Tartu.
Terms of use for the Courses environment