* exploitable function
From: xlp @ 2002-06-25 21:02 UTC
To: linux-c-programming

Hi, if this code is setuid root, is it exploitable:

if(argc==2){
    if(!strcmp("-show_release",argv[1]))
    {
        printf("%s\n", VERSION);
        exit(1);
    }
}

* Re: exploitable function
From: Elias Athanasopoulos @ 2002-06-25 21:43 UTC
To: xlp; +Cc: linux-c-programming

On Tue, Jun 25, 2002 at 04:02:21PM -0500, xlp wrote:
> Hi, if this code is setuid root, is it exploitable:
>
> if(argc==2){
>     if(!strcmp("-show_release",argv[1]))
>     {
>         printf("%s\n", VERSION);
>         exit(1);
>     }
> }

It's not.

Elias

--
http://gnewtellium.sourceforge.net
MP3 is not a crime.

[parent not found: <20020625163329.C27404@nietzsche>]
* Re: exploitable function
From: Elias Athanasopoulos @ 2002-06-26 13:41 UTC
To: xlp; +Cc: linux-c-programming

On Tue, Jun 25, 2002 at 04:33:29PM -0500, xlp wrote:
> anyway, it should not use strcmp, it should use strncmp?

strcmp() compares, it doesn't copy stuff. It's quite safe.

>
> by the way, where can I find an exploitable function and try to code exploit proof for education and practice?

strcpy() is the number-one danger.

Elias

--
http://gnewtellium.sourceforge.net
MP3 is not a crime.

* Re: exploitable function
From: Glynn Clements @ 2002-06-26 19:26 UTC
To: linux-c-programming

Elias Athanasopoulos wrote:

> > by the way, where can I find an exploitable function and try to
> > code exploit proof for education and practice?
>
> strcpy() is the number-one danger.

But note that strncpy() isn't much better, for two reasons:

1. If the source is longer than the size of the buffer, there won't be
a terminating NUL in the result.

2. If a string is too long, simply truncating it to a fixed length is
seldom the correct response, and may have security implications. It's
usually preferable to treat this situation as a fatal error, and
terminate the program.

--
Glynn Clements <glynn.clements@virgin.net>

* Re: exploitable function
From: Elias Athanasopoulos @ 2002-06-26 20:58 UTC
To: Glynn Clements; +Cc: linux-c-programming

On Wed, Jun 26, 2002 at 08:26:03PM +0100, Glynn Clements wrote:
> But note that strncpy() isn't much better, for two reasons:

Yes. Better use strdup(). In binutils we use xstrdup() in most of the
cases and str[n]cpy() carefully.

Elias

--
http://gnewtellium.sourceforge.net
MP3 is not a crime.
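
Added example (not part of the original thread, and not code from any poster or from binutils): a C program showing the two strncpy() problems listed in Glynn Clements's message, the missing terminating NUL and silent truncation, next to a copy that rejects over-long input so the caller can treat it as a fatal error. The function names strncpy_unterminated and copy_checked, the 8-byte buffer and the sample string are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Point 1: returns 1 if strncpy() left dst without a terminating NUL.
 * (strncpy_unterminated is a hypothetical helper name.) */
int strncpy_unterminated(char *dst, size_t dstsz, const char *src)
{
    strncpy(dst, src, dstsz);
    return memchr(dst, '\0', dstsz) == NULL;
}

/* Point 2: copy only if src fits together with its NUL; never truncate.
 * Returns 0 on success, -1 if src is too long (dst is left empty).
 * (copy_checked is a hypothetical helper name.) */
int copy_checked(char *dst, size_t dstsz, const char *src)
{
    size_t len;

    if (dstsz == 0)
        return -1;
    len = strlen(src);
    if (len >= dstsz) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);   /* len + 1 copies the terminating NUL too */
    return 0;
}

int main(int argc, char **argv)
{
    char name[8];                                            /* constructed buffer size */
    const char *input = argc > 1 ? argv[1] : "release-1.0";  /* constructed sample input */

    printf("strncpy left buffer unterminated: %d\n",
           strncpy_unterminated(name, sizeof name, input));

    if (copy_checked(name, sizeof name, input) != 0) {
        fprintf(stderr, "input too long (%zu bytes), refusing to truncate\n",
                strlen(input));
        return EXIT_FAILURE;     /* over-long input handled as a fatal error */
    }
    printf("copied: %s\n", name);
    return EXIT_SUCCESS;
}
```

Run with no arguments it reports the unterminated buffer and exits with a failure status; run with a short argument such as 1.0 it copies the string.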