Bugtraq mailing list archives
Re: Format String Attacks
From: Dan Harkless <dan-bugtraq () DILVISH SPEED NET>
Date: Fri, 15 Sep 2000 13:20:02 -0700
Dan Harkless <dan-bugtraq () DILVISH SPEED NET> writes:
Sorry, yet another revision of this script is now available (probably the last change to be made). This probably isn't necessary anywhere, but just to be extra-paranoid, I changed the syscall error reporting to just print the numeric errno rather than trusting strerror() to not do anything bogus. I also changed the clearing of the environment variable(s) to be done manually (using main()'s third parameter) rather than trusting putenv(). Since the new version should be functionally identical to the last one, I won't waste more bandwidth by posting this rev. If you'd like it, you can get it from: http://harkless.org/dan/software/wrap_setid_progs_with_envar_clearer
Heh. Sorry, realized a minor problem with my script driving home last night. In -u mode, the script unwrapped any setid programs that had the ".wrapper_due_to_envar_security_hole" extension. Not safe to trust that all such files were created by the script, though. In a +w +t directory like /tmp, a user could trick wrap_setid_progs_with_envar_clearer -u into clobbering another user's file by creating a fake (setid-self) wrapper. I changed the script so that for each file, it asks whether it should be unwrapped, just like in the non -u mode. The script is available from the URL above. ---------------------------------------------------------------------- Dan Harkless | To prevent SPAM contamination, please dan-bugtraq () dilvish speed net | do not mention this private email SpeedGate Communications, Inc. | address in Usenet posts. Thank you.
Current thread:
- Format String Attacks Tim Newsham (Sep 12)
- Re: Format String Attacks Iván Arce (Sep 12)
- <Possible follow-ups>
- Re: Format String Attacks Doug Hughes (Sep 13)
- Re: Format String Attacks Dan Astoorian (Sep 14)
- Re: Format String Attacks Casper Dik (Sep 15)
- Re: Format String Attacks Pavel Kankovsky (Sep 14)
- Re: Format String Attacks Dan Harkless (Sep 14)
- Re: Format String Attacks Dan Harkless (Sep 14)
- Re: Format String Attacks Dan Harkless (Sep 14)
- Re: Format String Attacks Dan Harkless (Sep 15)
- Re: Format String Attacks Dan Harkless (Sep 17)
- Re: Format String Attacks Dan Astoorian (Sep 14)
- Re: Format String Attacks Drazen Kacar (Sep 14)
- Re: Format String Attacks Dan Harkless (Sep 14)
- Re: Format String Attacks Serguei Patchkovskii (Sep 14)
- Re: Format String Attacks Nate Eldredge (Sep 21)
- Re: Format String Attacks Matthias Meixner (Sep 22)
- Re: Format String Attacks jsl2 (Sep 22)
- Re: Format String Attacks Ajax (Sep 25)