Defeating Privilege Separation

The goals of this assignment are to:

  1. Analyze the source code of a privilege-separated program
  2. Escape an unprivileged process to elevate privileges
  3. Exploit the program to capture a secret flag

chall04

A variant of the list store analyzed in class is located in /home/chall04:

# ll /home/chall04
.rwxr-sr-x@ 3.4M root  1 Apr 17:45  chall04
.rw-r--r--@  17k root  1 Apr 17:52  chall04.cpp
.r--r-----@   38 root  1 Apr 17:51  flag

Use the techniques presented in class to execute a shell with the group privileges of chall04. With that shell, capture the contents of the flag.

Submission Instructions

Package your solution as a gzipped TAR archive. Include the source code for your attack as well as a README describing your solution, how to run it, and the contents of the flag.