Bugtraq mailing list archives

Re: Interim solution for ps

From: kirby () COSMIC UGA EDU (Steven Kirby)
Date: Tue, 20 May 1997 00:45:17 -0400

Here's a generic wrapper I've written that you can use as an interim
solution for wrapping /usr/bin/ps and /usr/ucb/ps.  (/usr/ucb/ps looks
to be similarly vulnerable.)  The code is fairly well documented IMHO,
and should be adaptable enough to wrap just about any program.


I'll have to look at this more closely in the morning, but I suspect you may
have reinvented the wheel.  (Though, at first glance, it looks like a *really*
nice wheel! :-))

The folks at AUSCERT released a generic wrapper program to handle buffer
overflow problems a while back.  It's available from:

       ftp://ftp.auscert.org.au/pub/auscert/tools/overflow_wrapper.c

It's been the answer to more than one advisory that began "Due to insufficient
bounds checking... ").

--steve

          It's not what you know, but what you think of in time.

        Steven Kirby    University of Georgia   kirby () cosmic uga edu

Current thread:

Reminder for irix ppl Nafees Bin Zafar (May 14)
- Re: Reminder for irix ppl Mike Neuman (May 15)
- Vulnerability in Elm-ME+ John Goerzen (May 15)
  - Re: Vulnerability in Elm-ME+ Kari E. Hurtta (May 17)
  - Finally, most of an exploit for Solaris 2.5.1's ps. Joe Zbiciak (May 17)
    - Re: Finally, most of an exploit for Solaris 2.5.1's ps. Adam Morrison (May 19)
    - Re: Finally, most of an exploit for Solaris 2.5.1's ps. Joe Zbiciak (May 19)
    - Interim solution for ps Joe Zbiciak (May 19)
    - Re: Interim solution for ps Steven Kirby (May 19)
  - The rest of the exploit is here! Solaris 2.5.1 ps! Joe Zbiciak (May 18)
- Netscape Certificate server Andrew Anderson (May 15)
- NT4 Service Pack 3 Woes Aaron Spangler (May 15)
- Re: Reminder for irix ppl/xevents Matt Harrigan (May 19)