Vulnerability Development mailing list archives
Re: artsd overflow
From: <castongj () killjoy student umd edu>
Date: Thu, 3 Jan 2002 23:51:24 -0500 (EST)
On Fri, 4 Jan 2002, Fuska wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Happy new year.
>
> Take a look at this:
>
> r00t:~$ ls -las `which artswrapper` `which artsd`
>    4 -rwsr-xr-x   1 root     root         4048 Dec 28 22:43 /usr/bin/artswrapper*
>  120 -rwxr-xr-x   1 root     root       117644 Dec 28 22:43 /usr/bin/artsd*
> r00t:~$ artsd -m `perl -e 'print "A"x3000'`
> Segmentation fault

I've found the same thing before, it's a bug in artsd. I get the same thing
on Slackware 8/current. artswrapper drops permissions before getting to this
in arts-0.6.0/arts/soundserver/artswrapper.c (nonrelated bits removed)

    /* drop root privileges if running setuid root
       (due to realtime priority stuff) */
    if (geteuid() != getuid())
    {
        setreuid(-1, getuid());
    }

    if(argc == 0)
        return 1;

    argv[0] = EXECUTE;
    execv(EXECUTE,argv);
    perror(EXECUTE);
    return 1;
}

--
Jason Castonguay
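
An added example, not part of the original post and not code from arts: a setuid wrapper's privilege drop written so that it checks every return value, resets the saved IDs as well, and confirms the drop cannot be undone before it calls execv. It goes beyond the excerpt by also handling the group ID; the name HYPOTHETICAL_TARGET and its path are placeholders standing in for the wrapped binary.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* setreuid/setregid/seteuid/setegid prototypes */
#endif
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently drop to the real user and group.
 * Returns 0 on success, -1 on failure; the caller must exit on -1. */
int drop_privileges(void)
{
    uid_t uid = getuid(), old_euid = geteuid();
    gid_t gid = getgid(), old_egid = getegid();

    /* Group first: after the UID drop we may lack permission to change it. */
    if (setregid(gid, gid) != 0)
        return -1;
    /* Passing the real UID explicitly (not -1) also resets the saved UID. */
    if (setreuid(uid, uid) != 0)
        return -1;

    /* Verify the result instead of trusting the calls. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;

    /* For a non-root caller, regaining the old IDs has to fail. */
    if (uid != 0) {
        if (old_egid != gid && setegid(old_egid) == 0)
            return -1;
        if (old_euid != uid && seteuid(old_euid) == 0)
            return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    /* Placeholder path (assumption); a real wrapper hard-codes its target. */
    static char HYPOTHETICAL_TARGET[] = "/bin/true";

    if (argc == 0)
        return 1;
    if (drop_privileges() != 0) {
        perror("drop_privileges");
        return 1;               /* never exec with privileges still held */
    }
    argv[0] = HYPOTHETICAL_TARGET;
    execv(HYPOTHETICAL_TARGET, argv);
    perror(HYPOTHETICAL_TARGET);
    return 1;
}
```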
Current thread:
- artsd overflow Fuska (Jan 03)
- Re: artsd overflow Charles 'core' Stevenson (Jan 04)
- Re: artsd overflow castongj (Jan 04)
- Re: artsd overflow H D Moore (Jan 04)