Vulnerability Development mailing list archives
Re: Buffer overflow in awk
From: Rui Miguel Silva Seabra <rms () 1407 org>
Date: 15 Mar 2002 23:17:20 +0000
On Fri, 2002-03-15 at 18:39, sekure () hadrion com br wrote:
In my Debian Potato r5 and Conectiva Linux 7 it worked too! But i would ask the some thing, why find a bug in awk and exploit it ? 1) It isn't suid root in linux. 2) doesn't used in web applications Then, why exploit it ?
Simple: awk is such a basic application that's likely being used in many scripts, some of which, probably, as root. It doesn't need being suid. All it needs is being run by root. If something's suid, it just means that anyone that can execute, will run the program as if he was the owner (usually root on system binaries). Hugs, rui -- + No matter how much you do, you never do enough -- unknown + Whatever you do will be insignificant, | but it is very important that you do it -- Ghandi + So let's do it...?
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Re: Buffer overflow in awk, (continued)
- Re: Buffer overflow in awk Jason Stover (Mar 15)
- Re: Buffer overflow in awk wu2ftpd-ovich (Mar 15)
- Re: Buffer overflow in awk Enphourell Security (Mar 19)
- RE: Buffer overflow in awk Mike Batchelder (Mar 15)
- Re: Buffer overflow in awk sekure (Mar 15)
- Re: Buffer overflow in awk Kurt Seifried (Mar 15)
- Re: Buffer overflow in awk Pavel Kankovsky (Mar 17)
- Re: Buffer overflow in awk Jeff Fields (Mar 19)
- Re: Buffer overflow in awk Jirka Kosina (Mar 20)
- Re: Buffer overflow in awk sekure (Mar 15)
- Re: Buffer overflow in awk nilton . gs . sc (Mar 15)
- Re: Buffer overflow in awk Rui Miguel Silva Seabra (Mar 15)
- Re: Buffer overflow in awk Crist J. Clark (Mar 17)
- Re: Buffer overflow in awk Jose Nazario (Mar 18)
- RE: Buffer overflow in awk Hani Mustafa (Mar 24)
- Re: Buffer overflow in awk Elan Hasson (Mar 24)
- Re: Buffer overflow in awk Tim Gerritsen (Mar 24)
- Re: Buffer overflow in awk Replugge [ROD] (Mar 25)