Vulnerability Development mailing list archives
Re: OSS www.opensound.com
From: "Leonardo Constantino C. da R. e Oliveira" <leo () CIPHER COM BR>
Date: Thu, 25 Jan 2001 09:12:44 -0200
On Wed, 24 Jan 2001, Martin Macok wrote:
[400f8c34] read(255, "\n$MODTOOLS/insmod -V > /tmp/oss."..., 8176) = 8176I think "insmod -V > something" just writes stdout (insmod -V) to file "something" and doesn't load anything under any circumstances. (That doesn't mean that it's OK. Someone must validate if it writes to a file in /tmp the proper way(tm) ... i.e. if there are sanity checks, if it doesn't follow symlinks, work with right privilegies... etc.)
A more elegant solution would be: FILE *insmod_ouput = popen("$MODTOOLS/insmod -V", 'r'); /*...*/ pclose(insmod_output); and it's posix. -- Leo
Current thread:
- OSS www.opensound.com fejed (Jan 23)
- Re: OSS www.opensound.com Martin Macok (Jan 24)
- <Possible follow-ups>
- Re: OSS www.opensound.com Leonardo Constantino C. da R. e Oliveira (Jan 25)