Full Disclosure mailing list archives
Re: Re: Gaim festival plugin exploit
From: Brian Hatch <full-disclosure () ifokr org>
Date: Thu, 23 Oct 2003 07:56:16 -0700
> system("echo \"$string\" | /usr/bin/festival --tts");
>
> Replace this with
>
>     open FEST, "|/usr/bin/festival --tts";
>     print FEST $string, "\n";
>     close FEST;
>
> No shells involved. Only DOS exploits and maybe the usual C-language
> overflows in festival itself.

Well, no, that open does invoke a shell, albeit one with no user input.
It's still better to

    pipe
    fork
      child
        exec explicitly
      parent
        read pipe

Newer perl can actually use list form in the 'file' section for open,
so you'd be able to use that to avoid a shell in the open without
writing the code yourself.

--
Brian Hatch                  Why do croutons come
   Systems and                in airtight packages?
   Security Engineer          Aren't they just stale
http://www.ifokr.org/bri/     bread to begin with?

Every message PGP signed
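
Added example (not part of the message above and not the Gaim plugin's own code): the two shell-free approaches the reply names, list-form pipe open and an explicit pipe/fork/exec, written out in Perl. The festival path and --tts flag are the ones quoted in the thread; the subroutine names and the sample string are constructed for illustration, and the parent writes to the pipe because festival reads its text on stdin.

```perl
#!/usr/bin/perl
# Added example. Both routines pass the text to the TTS program on stdin;
# /bin/sh never parses the message, so quotes and backticks stay plain bytes.
use strict;
use warnings;
use POSIX ();

my @TTS = ('/usr/bin/festival', '--tts');   # command as quoted in the thread

# 1. List-form pipe open (Perl 5.8+): with extra arguments after the mode,
#    open() execs the program directly and the rest become its argv.
sub speak_list_open {
    my ($string) = @_;
    local $SIG{PIPE} = 'IGNORE';            # child may exit before we write
    open(my $fest, '|-', @TTS) or die "cannot start $TTS[0]: $!";
    print {$fest} $string, "\n";
    close($fest);                           # waits for the child, sets $?
    return $? >> 8;                         # child's exit status
}

# 2. The same thing by hand: pipe, fork, exec in the child, write in the parent.
sub speak_fork_exec {
    my ($string) = @_;
    pipe(my $rd, my $wr) or die "pipe: $!";
    my $pid = fork();
    die "fork: $!" unless defined $pid;
    if ($pid == 0) {                        # child: stdin becomes the pipe
        close $wr;
        open(STDIN, '<&', $rd) or POSIX::_exit(126);
        close $rd;
        exec { $TTS[0] } @TTS;              # indirect-object form: no shell
        POSIX::_exit(127);                  # reached only if exec failed
    }
    close $rd;                              # parent keeps the write end only
    local $SIG{PIPE} = 'IGNORE';
    print {$wr} $string, "\n";
    close $wr;                              # EOF tells the child to finish
    waitpid($pid, 0);
    return $? >> 8;
}

# Constructed sample containing characters a shell would interpret.
my $msg = @ARGV ? "@ARGV" : q{it's "quoted" text with $(date) and `date`};
printf "list-form open: exit %d\n", speak_list_open($msg);
printf "pipe/fork/exec: exit %d\n", speak_fork_exec($msg);
```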