Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: core dump on mingetty and getty

From: KF <dotslash () snosoft com>
Date: Mon, 03 Dec 2001 17:21:21 -0500
Why do we care... because I am joe schmoe_cant_code_a_lick_of_c and I
make retarded mistakes 
in my code. (Stupid examples follow). 
#include <stdio.h>
void main(int *argc, char **argv)
{
        char *runme[2];
        setuid(0);
        setgid(0);
        runme[0] = argv[1];
        runme[1] = 0;
        execve("/sbin/getty", runme, 0);
}

For that matter...m4 is a userland non-privileged level program ... yet
it led to a man exploit. 
Flames > /dev/null ... comments welcome. 

-KF

fish stiqz wrote:


My question.. why do we care if a userland non-privileged program has
a trivial buffer overflow vulnerability?  This seems like a complete
waste of time.  Who cares???!?!?!

--
fish stiqz <fish () synnergy net>
Synnergy Networks: http://www.synnergy.net/
Previous By Date Next
Previous By Thread Next

Current thread: