Vulnerability Development mailing list archives

Re: some things to play with

From: vlad () SANDY RU (Vladimir Dubrovin)
Date: Mon, 17 Jul 2000 12:40:39 +0400


Hello Firstname Lastname,

14.07.00 15:16, you wrote: some things to play with;

F> no it's not.. i can be sure that argv[2] == NULL when argc = 2,
F> which gives argc=0 to the called program, with argv[0] == NULL
F> and a null pointer dereference in strrchr().

Behavior  may  vary between systems. At least in cygwin called process
will  have  argc == 1 and argv[0] point to real file location. I guess
some secure system will also behave this way (argv[0] always points to
real  file)  to  prevent  attacks  on the suid/sgid programs which use
argv[0] to self-reload.

   Vladimir Dubrovin                  Sandy, ISP
    Sandy CCd chief               Customers Care dept
  http://www.sandy.ru           Nizhny Novgorod, Russia

http://www.security.nnov.ru

Current thread:

remote exploit, (continued)
- - - remote exploit Jim Stickley (Jul 07)
    - Re: remote exploit Bluefish (Jul 08)
    - Re: remote exploit Gerardo Richarte (Jul 10)
    - Re: BitchX /ignore bug Matthew S. Hallacy (Jul 06)
    - Updated Default Account Database Eric Knight (Jul 06)
    - Re: Updated Default Account Database Jesus D. Muz@oz Largo (Jul 12)
    - Re: Updated Default Account Database Nathan Einwechter (Jul 12)
    - some things to play with Firstname Lastname (Jul 13)
    - Re: some things to play with Vladimir Dubrovin (Jul 14)
    - Re: some things to play with Firstname Lastname (Jul 14)
    - Re: some things to play with Vladimir Dubrovin (Jul 17)
    - Red Hat Linux 6.2 - VIM 5.6 Paulo Ribeiro (Jul 12)
    - Re: BitchX /ignore bug Jeremy Gaddis (Jul 06)
    - (NT) When exploit CGI's that allow viewing of files... Marc (Jul 06)
    - Re: (NT) When exploit CGI's that allow viewing of files... Blue Boar (Jul 06)
- Re: BitchX /ignore bug OutCasT (Jul 05)
- Re: BitchX /ignore bug Robert G. Ferrell (Jul 07)