Full Disclosure mailing list archives
Re: Re: Gaim festival plugin exploit
From: Dale Harris <rodmur () maybe org>
Date: Thu, 23 Oct 2003 13:02:31 -0700
On Thu, Oct 23, 2003 at 02:52:36PM -0400, Scott Phelps / Dreamwright Studios elucidated:
This is great, somebody is arguing Perl syntax with the guy who co-wrote the llama book.
Probably an honest mistake.
-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Randal L. Schwartz
Sent: Thursday, October 23, 2003 11:04 AM
To: Brian Hatch
Cc: HCTITS Security Division; bugtraq () securityfocus com; full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Re: Gaim festival plugin exploit

"Brian" == Brian Hatch <full-disclosure () ifokr org> writes:

    system("echo \"$string\" | /usr/bin/festival --tts");

Replace this with

    open FEST, "|/usr/bin/festival --tts";
    print FEST $string, "\n";
    close FEST;

No shells involved. Only DOS exploits and maybe the usual C-language overflows in festival itself.

Brian> Well, no, that open does invoke a shell, albeit one with
Brian> no user input.

Excuse me. No it doesn't. I dare you to watch a trace of that program and tell me if EVER a /bin/sh is invoked. It doesn't. It forks, and calls festival directly. Just a child. No grandchild. No chance for a shell interpretation.

So let me guess open FEST "|..." uses popen(), right? Therefore a shell is invoked, and it won't show up on strace, because popen() is too high level for that kind of trace.

Dale

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
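
The difference this thread argues over, as an added example that is not code from any poster: Perl hands a single-string command to `/bin/sh -c` only when the string contains shell metacharacters, and the list form of pipe `open` (included here, going beyond what the thread shows) never uses a shell. Assumptions: `cat` stands in for `/usr/bin/festival --tts`, and the message and marker file are constructed for the demonstration.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. `cat` stands in for
# /usr/bin/festival --tts so this runs without festival installed.
use strict;
use warnings;
use File::Temp qw(tempdir);

$| = 1;                                   # keep our output ordered with the child's
my $dir    = tempdir(CLEANUP => 1);
my $marker = "$dir/shell-ran";            # exists only if a shell parsed the message

# Constructed message: the substitution is harmless, it only creates $marker.
my $string = "hello \$(touch $marker)";

# 1. Original plugin form: the message is spliced into a shell command line.
system("echo \"$string\" | cat >/dev/null");
report('system("echo \"$string\" | cmd")');

# 2. Replacement from the thread: fixed command string with no shell
#    metacharacters, so Perl execs it directly; the message is only pipe data.
open(FEST, "|cat") or die "cannot start cat: $!";
print FEST $string, "\n";
close(FEST) or warn "cat exited with status $?\n";
report('open FEST, "|cmd"; print FEST $string');

# 3. List form (goes beyond the thread): arguments are passed straight to
#    execvp, so no shell is involved whatever the arguments contain.
open(my $fest, '|-', 'cat', '-') or die "cannot start cat: $!";
print {$fest} $string, "\n";
close($fest) or warn "cat exited with status $?\n";
report(q{open($fh, '|-', 'cmd', @args)});

# Print whether the marker appeared, then reset it for the next form.
sub report {
    my ($label) = @_;
    printf "%-42s shell parsed message: %s\n", $label, (-e $marker ? 'YES' : 'no');
    unlink $marker;
}
```

Running the script under `strace -f -e trace=execve` lists every `execve` made by the child processes, so a `/bin/sh` shows up for form 1 only.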