Bugtraq mailing list archives
Re: SUID wrapper (was Re: (fwd) Re: Format String Attacks)
From: Drazen Kacar <dave () SRCE HR>
Date: Fri, 15 Sep 2000 08:31:11 +0200
Granquist, Lamont wrote:
Instead of reinventing the wheel: http://cegt201.bradley.edu/~im14u2c/wrapper/ That is Joe Zbiciak's suid wrapper which has been around for 3+ years.
Umm... The first function in the source is:

    #include <ctype.h>

    static inline int word_wrap(char * s, int len)
    {
        int i,j;

        for (i=j=0; *s && i<len; s++,i++)
            if (isspace(*s)) j=i;

        if (j==0 || !*s) j=i-1;

        return j;
    }

One shouldn't call isspace() and friends with a char pointer as an argument. You're going to get strange results if some character is greater than 127. And I don't know what happens in locales which don't use a single byte encoding.

I'm not saying it's exploitable, but I don't have trust in the correct operation of programs which do this kind of thing. And this is even supposed to be a setuid program.

-- 
 .-.   .-.    I don't work for my employer.
(_  \ /  _)
     |        dave () srce hr
     |        dave () fly srk fer hr
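An added example, not part of the original post or of the wrapper's source: the C standard defines isspace() only for EOF and values representable as unsigned char, so on a platform where plain char is signed, a byte above 127 reaches it as a negative int. The helper names, word_wrap_fixed() and the sample string are hypothetical; signed char is used explicitly to model a signed-char platform.

```c
#include <ctype.h>
#include <limits.h>
#include <stdio.h>

/* <ctype.h> functions are defined only for EOF and 0..UCHAR_MAX. */
static int in_ctype_domain(int v)
{
    return v == EOF || (v >= 0 && v <= UCHAR_MAX);
}

/* Value isspace(*s) receives where plain char is signed (modelled
 * with an explicit signed char so the result is the same everywhere). */
static int arg_as_signed_char(const char *s)
{
    return (int)*(const signed char *)s;
}

/* Value after the usual fix: convert to unsigned char first. */
static int arg_as_unsigned_char(const char *s)
{
    return (int)(unsigned char)*s;
}

/* Same logic as the quoted word_wrap(); only the isspace() argument
 * is changed (hypothetical name, not the wrapper's code). */
static int word_wrap_fixed(const char *s, int len)
{
    int i, j;

    for (i = j = 0; *s && i < len; s++, i++)
        if (isspace((unsigned char)*s))
            j = i;
    if (j == 0 || !*s)
        j = i - 1;
    return j;
}

/* Constructed sample: Latin-1 "cafe au lait" with byte 0xE9 at index 3. */
static const char sample[] = "caf\xe9 au lait";

int main(void)
{
    int bad = arg_as_signed_char(sample + 3);
    int ok = arg_as_unsigned_char(sample + 3);

    printf("signed char:   %4d  in domain: %d\n", bad, in_ctype_domain(bad));
    printf("unsigned char: %4d  in domain: %d\n", ok, in_ctype_domain(ok));
    printf("wrap column for len 8: %d\n", word_wrap_fixed(sample, 8));
    return 0;
}
```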