Full Disclosure mailing list archives

Re: oops


From: full-disclosure () lists netsys com (full-disclosure () lists netsys com)
Date: Tue, 27 Aug 2002 12:00:48 -0700

On Wed, 28 Aug 2002, zen-parse wrote:
> oops
> ./xxt -i inp.xxt -k woot -d -x -o /etc/shadow
> probably be better to overwrite some daemon with /bin/sh
> and connect, or something like that.
>
> /me chuckles at self and rummages for O_EXCL flag

Good job, and nice "stuff". Only you weren't on my list of trash talkers.
It's not quite a cryptographic reversal or an overflow exploit for some
unchecked buffer, but it makes a damn good point. In a SUID situation xxt
should most definitely use an exclusive open.

I hereby declare you the winner of the SETUID portion of the trash talker
challenge but do not dub you a trash talker. It doesn't quite fit what I
originally stated, but I think it qualifies. Email me privately and I'll
send you your 50 bucks. I'm a man of my word. Also I'll still offer 50 to
anyone who can actually reverse the crypto. You've taught me an important
lesson, which I think is this: never resort to trash talking while dealing
with trash-talkers OR never drink a couple of cranvodkas and write email
to a public list. :-)

aliver

> your help page is wrong about either the -u option, or the example code
> too..

Is it? Hmm I'll check that out. Thanks.



