由于 binary1 为setuid binary1cracked并调用系统，你应该能够调用 binary1 与修改 PATH ，所以做任何事情，用户binary1cracked可以做。例如，提供自己的 LS版本，读取.passwd文件，并把这个 LS 到您的自定义路径。

Since binary1 is setuid binary1cracked and invokes system, you should be able to invoke binary1 with a modified PATH and therefore do anything that user binary1cracked can do. For example, supply your own version of ls that reads the .passwd file and place this ls into your custom PATH.

使用bash，那么你可以通过在提示符下调用这样的命令提供的自定义路径

With bash you can supply a custom PATH by invoking a command like this at the prompt

 $ PATH=/my/custom/path ./binary1