Bugtraq mailing list archives
Re: system() call in suid programs
From: jude () jeeves ucsd edu (Jude Poole)
Date: Fri, 14 Jun 1996 09:34:15 -0700
Steve, Exploits basically try to get quotes, semicolons etc into a string used as an argument to the system call. Since the system call argumnent is basically a call to a shell you can do arbitrary nasty things. Jude
Current thread:
- Re: system() call in suid programs Jude Poole (Jun 14)