This is a veeeeerrryyyy nooby question but I need the answer and cannot seem to find it online. Take the example of "sudo" on linux. Sudo takes a password, checks if it's correct and executes a command if it is. My question is, how does a command like sudo avoid simple attacks such as using a debugger to simply skip the password check? If the answer is some kind of systemcall magic, how would you do it in some other (C) program? Check if a password is correct and not have that check simply skipped with changing the value of one register?
Please let me know if you need me to explain anything further and thanks in advance!
[link] [comments]
from hacking: security in practice https://ift.tt/2T9yF4O
Comments
Post a Comment