Vulnerability Development mailing list archives
Re: strange man behavior
From: Rob Pickering <rob () rpaconsult co uk>
Date: Tue, 13 Aug 2002 12:51:47 +0100
There is no defect here, much less an exploitable one. Man is exiting with a non-zero status when asked to format an infinite string of random characters. It is correctly catching the data error.
Even if it did have a defect, of which I don't doubt there are thousands in an average *NIX, it would only be of significance from a vulnerability point of view if it were setuid binary, a daemon accessible over the network to non-authenticated users, or you can conceivably cause a process running under something other than your own UID to trip over it.
Otherwise these are of no more significant than writing a program like:
main(){f();} int f(){char buf[4]; gets(buf);} compiling and running it yourself. -- Rob. --On 12 August 2002 12:34 -0400 Ron Sweeney <sween () modelm org> wrote:
sween@attaway:~$ man -V man, version 2.3.20, 07 September 2001 sween@attaway:~$ uname -a Linux attaway 2.2.20 #1 Sat Apr 20 11:45:28 EST 2002 i586 unknown sween@attaway:~$ man /dev/random Reformatting random, please wait... man: command exited with status 2: /usr/bin/zsoelim /dev/random | /usr/bin/tbl | /usr/bin/nroff -mandoc -Tlatin1 | exec /usr/bin/pager -s more weirdness with other binaries, /bin/sh and /dev/urandom... not sure what to think of this yet...exploitable? this condition does ! exist on FreeBSD, HPUX or Solaris. *shrug* your thoughts? --- -sween | M | http://www.modelm.org --- "TYPE HARD OR GO HOME." | US Patent, US4118611
-- Rob Pickering. +44 (0) 7970 939456
Current thread:
- strange man behavior Ron Sweeney (Aug 12)
- Re: strange man behavior Rob Pickering (Aug 13)