LOL, stupid calife maintainer - this can't be true

["DownBload / Illegal Instruction Labs" <downbload () hotmail com>]

Hi,

This can't be true...
Imagine this - there is one programmer who doesn't know how to write a 
secure code (in fact, there are many of them, but I will give you just one 
example).
He doesn't know anything about security, so he decided to write a suid-root 
application (good choice).
Name of that app. is calife (http://www.freshports.org/security/calife/).
Name of that "programmer" is  Ollivier Robert.
After few minutes of code audit, I found a simple-plain-stupid strcpy() in 
authentication process (check vuln-description here: 
http://www.securityfocus.com/archive/1/355510/2004-02-25/2004-03-02/0).
I didn't contact him before bugtraq and now he is mad on me...and he said 
this:

roberto:
-------------------------------------------------------------------------------------
Fix a potential security problem on Linux/glibc whose getpass(3) apparently
fails with very long passwords leading to a segfault. It may be exploitable.

FreeBSD is *not* vulnerable.

No thanks to: the jerk who posted on bugtraq w/o mailing me beforehand.
-------------------------------------------------------------------------------------

STFU!!!
That isn't linux glibc security problem, there is nothing wrong with 
getpass().
DON'T BLAME LINUX GLIBC FOR YOUR LAME PROGRAMMING AND LACK OF SECURITY 
KNOWLEDGE.
BTW: I wouldn't allow you to code even hello world program.

Vulnerable code ("glibc problem" ;-) ->
/root/calife-2.8.4c/db.c
------------------------
       ...
       char    got_pass = 0;
       char    * pt_pass, * pt_enc,
               * user_pass, * enc_pass, salt [10];

       user_pass = (char *) xalloc (l_size);
       enc_pass = (char *) xalloc (l_size);
       ...
       for ( i = 0; i < 3; i ++ )
       {
           pt_pass = (char *) getpass ("Password:");
           memset (user_pass, '\0', l_size);
           strcpy (user_pass, pt_pass); // <- BAD CODE
           pt_enc = (char *) crypt (user_pass, calife->pw_passwd);
           memset (enc_pass, '\0', l_size);
           strcpy (enc_pass, pt_enc);
       }
       ...
       free (user_pass);    // <-  FUN CODE ;-)
       free (enc_pass);     // <-  FUN CODE ;-)
       ...

------------------------


My advise - DON'T USE CALIFE - it is VERY buggy - use sudo or super insted.

Bye.

_________________________________________________________________
Tired of spam? Get advanced junk mail protection with MSN 8. 
http://join.msn.com/?page=features/junkmail

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html