We can probably solve the perl debugger problem with something like:
$db=DBI->connect("DBI:Oracle:sid=$DBSID;host=$DBHOST;port=$DBPORT;","$
+DBUSER",`/path/shared_C_program`) || ($err=$db->errstr);
I don't need a debugger for that. strace is sufficient:
/tmp>cat password-keeper.c
#include <stdio.h>
int main(int argc, char ** argv)
{
// note: security checks omitted
// note: deobfuscation omitted
fputs("postgres",stdout);
return 0;
}
/tmp>make password-keeper
cc password-keeper.c -o password-keeper
/tmp>strip password-keeper
/tmp>cat victim.pl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;
my $dbh=DBI->connect('dbi:Pg:dbname=postgres','postgres',`./password-k
+eeper`,{ RaiseError => 1 });
my $sth=$dbh->prepare('select 42 as answer');
$sth->execute();
$sth->dump_results();
/tmp>strace -f -o trace.txt -e trace=write,process perl victim.pl
42
1 rows
/tmp>cat trace.txt
26962 execve("/usr/local/bin/perl", ["perl", "victim.pl"], [/* 40 vars
+ */]) = 0
26962 arch_prctl(ARCH_SET_FS, 0x7f04ca5ce700) = 0
26962 clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETT
+ID|SIGCHLD, child_tidptr=0x7f04ca5ce9d0) = 26963
26963 execve("./password-keeper", ["./password-keeper"], [/* 40 vars *
+/]) = 0
26963 arch_prctl(ARCH_SET_FS, 0x7f7d4ad21700) = 0
26963 write(1, "postgres", 8) = 8
26963 exit_group(0) = ?
26963 +++ exited with 0 +++
26962 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=26963,
+ si_uid=1001, si_status=0, si_utime=0, si_stime=0} ---
26962 wait4(26963, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) =
+ 26963
26962 write(1, "42\n1 rows\n", 10) = 10
26962 exit_group(0) = ?
26962 +++ exited with 0 +++
/tmp>
Alexander
--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
