Re: Re: Gaim festival plugin exploit

[Brian Hatch <full-disclosure () ifokr org>]

> > > system("echo \"$string\" | /usr/bin/festival --tts");
>
> Replace this with
>
>         open FEST, "|/usr/bin/festival --tts";
>         print FEST $string, "\n";
>         close FEST;
>
> No shells involved.  Only DOS exploits and maybe the usual
> C-language overflows in festival itself.

Well, no, that open does invoke a shell, albeit one with
no user input.  It's still better to 

        pipe
        fork
        child exec explicitly
        parent read pipe

Newer perl can actually use list form in the 'file'
section for open, so you'd be able to use that to
avoid a shell in the open without writing the code
yourself.


--
Brian Hatch                  Why do croutons come
   Systems and                in airtight packages?
   Security Engineer          Aren't they just stale
http://www.ifokr.org/bri/     bread to begin with?

Every message PGP signed

Attachment: _bin
Description: