Question

I got a modified ls:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

int main(int argc, char **argv){
    char command[50];
    strcpy(command,"/bin/ls ");
    gid_t egid = getegid();
    setregid(egid, egid);
    if(argc > 1) {
        if(strlen(argv[1]) > 40) {
            printf("The command you have given is too long, try again.\n");
            return 0;
        }
        strcat(command,argv[1]);
        system(command);
    }else{
        printf("This is a special NSA-modified 'ls' program. See 'man ls' for further details on how to use it.\n");
        printf("USAGE: %s [flags & files]\n",argv[0]);
    }
    return 0;
}

I have to execute a program called get-code but I don't have the privileges to execute it without the ls (the modified ls is in the same directory as the get-code program), so how can I execute the get-code program using the modified ls?

Can someone help me?

Solution

Glad the teacher said it is allowed. Actually I would have a bigger problem if this was a real-life issue -- what you are trying to do is exploit a security hole, and that's not a good idea in the real world.

This exercise is designed to show you how careful you have to be when writing code so that you don't open big security holes in the system. The "ls" command does not have any option to exec another program. The program adds absolutely anything you have in the arg1 to the end of the string "/bin/ls". If you know shell, you know that the ";" character separates two commands. Can you think of a way to set up the argument so that it has a semi-colon and then the command you want to run?
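
For contrast with the wrapper in the question, here is a hardened form as an added example (not code from the original post or its answer). It replaces system() with fork() and execve(), so the argument reaches /bin/ls as one literal string and no shell ever parses it. The function name run_ls and the PATH value are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Runs /bin/ls with one user-supplied argument and returns its exit status
 * (-1 on rejected input or internal error). No shell is involved, so
 * characters such as ';', '|' or '`' in arg have no special meaning. */
int run_ls(const char *arg)
{
    if (arg == NULL || strlen(arg) > 40)   /* same limit as the original */
        return -1;

    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {
        gid_t egid = getegid();
        if (setregid(egid, egid) != 0)     /* original ignored this result */
            _exit(126);
        /* Fixed argument vector and a fixed, minimal environment
         * (the PATH value is an assumption of this example). */
        char *const child_argv[] = { "ls", (char *)arg, NULL };
        char *const child_envp[] = { "PATH=/bin:/usr/bin", NULL };
        execve("/bin/ls", child_argv, child_envp);
        _exit(127);                        /* only reached if execve failed */
    }

    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char **argv)
{
    if (argc < 2) {
        printf("USAGE: %s [flags & files]\n", argv[0]);
        return 0;
    }
    int rc = run_ls(argv[1]);
    if (rc == -1)
        fprintf(stderr, "Rejected argument or internal error.\n");
    return rc == -1 ? 1 : rc;
}
```

Unlike the original, the argument is not split on spaces, so a flag and a file name given together in one quoted argument are treated as a single name.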

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow