Full Disclosure mailing list archives
THREATCON HITTING DANGEROUS LEVELS!
From: full-disclosure () botanicus net (Dave Wilson)
Date: Mon, 30 Sep 2002 07:40:00 +0100
On Sun, Sep 29, 2002 at 10:03:36PM -0700, silvio () big net au wrote:
#include <stdio.h> int main(int argc, char *argv[]) { char *v[] = { NULL }; execve(argv[1], v, NULL); }
This is the linux glibc bootstrap code behaviour. main() is never reached. It's not new either.
This is of course, not really a security threat by any means.. It is an annoying bug that effects alot of things and is really not handled correctly in the majority of implementations.
How about not misusing exec()? 'course not, let's patch our kernels to stop idiots from using exec()!!
Current thread:
- THREATCON HITTING DANGEROUS LEVELS! silvio () big net au (Sep 29)
- THREATCON HITTING DANGEROUS LEVELS! Dave Wilson (Sep 29)
- THREATCON HITTING DANGEROUS LEVELS! silvio () big net au (Sep 30)
- THREATCON HITTING DANGEROUS LEVELS! Charles Stevenson (Sep 30)
- THREATCON HITTING DANGEROUS LEVELS! Ka (Sep 30)
- <Possible follow-ups>
- THREATCON HITTING DANGEROUS LEVELS! zen-parse (Sep 30)
- THREATCON HITTING DANGEROUS LEVELS! Dave Wilson (Sep 29)