1. 让 g++ 从 stdin 读入源码:cat - | g++ -xc++ - -o [filename](stdin 没有扩展名,所以要用 -xc++ 指明语言;单独的 - 表示从标准输入读取)
2. memfd_create:即使没有任何目录可写,也能创建一个只存在于内存中的匿名文件,并通过 /proc/self/fd/<fd> 访问它(没找到用它创建文件夹的办法)。
https://www.secpulse.com/archives/70269.html
https://www.exploit-db.com/exploits/38473/
https://github.com/koraa/pipe_exec/blob/master/pexec.cc
https://stackoverflow.com/questions/17947800/how-to-compile-code-from-stdin
1 #include<bits/stdc++.h> 2 #include<unistd.h> 3 #include<sys/syscall.h> 4 #include<linux/memfd.h> 5 #include<sys/types.h> 6 using namespace std; 7 char line[233333]; 8 void run(const string &d) 9 { 10 //string cmd = d + " 2>&1"; 11 string cmd = d; 12 FILE *fp; 13 const char *sysCommand = cmd.data(); 14 if ((fp = popen(sysCommand, "r")) == NULL) { 15 cout << "error" << endl; 16 return; 17 } 18 while (fgets(line, sizeof(line)-1, fp) != NULL){ 19 cout << line ; 20 } 21 pclose(fp); 22 } 23 char buf1[]="#include<bits/stdc++.h> using namespace std; main(){puts("test");}"; 24 int main() 25 { 26 auto f1=syscall(SYS_memfd_create,"test.cpp",MFD_CLOEXEC); 27 write(f1,buf1,strlen(buf1)); 28 auto f2=syscall(SYS_memfd_create,"test.out",MFD_CLOEXEC); 29 //write(f2,buf2,sizeof(buf2)/sizeof(char)); 30 //string cmd = "ls -alF /proc/3/fd"; 31 //string cmd = "ls -alF /tmp/*/in 2>&1 "; 32 //string cmd = "echo "#include<bits/stdc++.h> using namespace std; int main(){ 33 int t=2; return 0; }" "; 34 run("echo 2333 > /dev/shm 2>&1 "); 35 run("ls -alF /dev/shm"); 36 int pd = getpid(); 37 string t1 = "/proc/" + to_string(pd) + "/fd/" + to_string(f1); 38 string t2 = "/proc/" + to_string(pd) + "/fd/" + to_string(f2); 39 string cmd = "cat " + t1 + " | g++ --verbose -pipe -xc++ - -o " + t2 ; 40 cout << cmd; 41 run(cmd); 42 { 43 int t; 44 //scanf("%d", &t); 45 } 46 run(t2); 47 return 0; 48 }