* exploitable function
From: xlp @ 2002-06-25 21:02 UTC (permalink / raw)
To: linux-c-programming
Hi, if this code is setuid root, is it exploitable:

    if(argc==2){
        if(!strcmp("-show_release",argv[1]))
        {
            printf("%s\n", VERSION);
            exit(1);
        }
    }
* Re: exploitable function
From: Elias Athanasopoulos @ 2002-06-25 21:43 UTC (permalink / raw)
To: xlp; +Cc: linux-c-programming
On Tue, Jun 25, 2002 at 04:02:21PM -0500, xlp wrote:
> Hi, if this code is setuid root, is it exploitable:
>
>     if(argc==2){
>         if(!strcmp("-show_release",argv[1]))
>         {
>             printf("%s\n", VERSION);
>             exit(1);
>         }
>     }
It's not.
Elias
--
http://gnewtellium.sourceforge.net MP3 is not a crime.
* Re: exploitable function
From: Elias Athanasopoulos @ 2002-06-26 13:41 UTC (permalink / raw)
To: xlp; +Cc: linux-c-programming
On Tue, Jun 25, 2002 at 04:33:29PM -0500, xlp wrote:
> anyway, it should not use strcmp, it should use strncmp?
strcmp() compares, it doesn't copy stuff. It's quite safe.
>
> by the way, where can I find an exploitable function and try to code an exploit proof for education and practice?
strcpy() is the number-one danger.
Elias
--
http://gnewtellium.sourceforge.net MP3 is not a crime.
* Re: exploitable function
From: Glynn Clements @ 2002-06-26 19:26 UTC (permalink / raw)
To: linux-c-programming
Elias Athanasopoulos wrote:
> > by the way, where can I find an exploitable function and try to
> > code an exploit proof for education and practice?
>
> strcpy() is the number-one danger.
But note that strncpy() isn't much better, for two reasons:
1. If the source is longer than the size of the buffer, there won't be
a terminating NUL in the result.
2. If a string is too long, simply truncating it to a fixed length is
seldom the correct response, and may have security implications. It's
usually preferable to treat this situation as a fatal error, and
terminate the program.
--
Glynn Clements <glynn.clements@virgin.net>
* Re: exploitable function
From: Elias Athanasopoulos @ 2002-06-26 20:58 UTC (permalink / raw)
To: Glynn Clements; +Cc: linux-c-programming
On Wed, Jun 26, 2002 at 08:26:03PM +0100, Glynn Clements wrote:
> But note that strncpy() isn't much better, for two reasons:
Yes. Better use strdup(). In binutils we use xstrdup() in most of
the cases and str[n]cpy() carefully.
Elias
--
http://gnewtellium.sourceforge.net MP3 is not a crime.
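The three string-handling points raised across the thread (strncpy() leaving no terminating NUL when the source fills the buffer, treating an over-long input as an error instead of silently truncating it, and copying into an exact-size heap buffer the way strdup()/xstrdup() do), worked through as one added C example. This is not code from any message in the thread; the function names strncpy_leaves_unterminated(), copy_or_fail() and dup_or_die() are my own, the input strings are constructed, and dup_or_die()'s abort-on-allocation-failure behaviour is an assumption about what binutils' xstrdup() does, which the post mentions but does not show.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Point 1 from the thread: when the source has n or more characters,
 * strncpy(dst, src, n) writes n bytes and no NUL. We pre-fill a buffer
 * with 'X' so the absence of a NUL is observable. Returns 1 if the
 * result has no NUL within its first n bytes, 0 otherwise. */
int strncpy_leaves_unterminated(const char *src, size_t n)
{
    char buf[16];
    if (n > sizeof buf)
        n = sizeof buf;
    memset(buf, 'X', sizeof buf);
    strncpy(buf, src, n);
    return memchr(buf, '\0', n) == NULL;
}

/* Length of s, never reading past max bytes (bounded scan, so an
 * unterminated source cannot make us run off the end). */
static size_t bounded_len(const char *s, size_t max)
{
    size_t i = 0;
    while (i < max && s[i] != '\0')
        i++;
    return i;
}

/* Point 2 from the thread: copy src into dst (dstsize bytes) only if it
 * fits together with its NUL. Returns 0 on success and -1 if the input
 * is too long; dst is left untouched in the failure case so the caller
 * can treat it as a fatal error rather than silently truncating. */
int copy_or_fail(char *dst, size_t dstsize, const char *src)
{
    size_t len = bounded_len(src, dstsize);
    if (len >= dstsize)
        return -1;              /* no room for the terminating NUL */
    memcpy(dst, src, len + 1);  /* len + 1 copies the NUL as well */
    return 0;
}

/* xstrdup()-style duplicate: allocate exactly strlen(src) + 1 bytes and
 * abort on allocation failure (assumed to mirror the binutils helper). */
char *dup_or_die(const char *src)
{
    size_t n = strlen(src) + 1;
    char *p = malloc(n);
    if (p == NULL) {
        fputs("out of memory\n", stderr);
        abort();
    }
    memcpy(p, src, n);
    return p;
}

int main(void)
{
    char dst[8];
    /* constructed sample inputs */
    const char *short_name = "abc";
    const char *long_name = "this-is-too-long";

    printf("strncpy unterminated for long input: %d\n",
           strncpy_leaves_unterminated(long_name, sizeof dst));
    printf("copy of short input: %d\n",
           copy_or_fail(dst, sizeof dst, short_name));
    if (copy_or_fail(dst, sizeof dst, long_name) != 0)
        fprintf(stderr, "input too long for %zu-byte buffer, refusing to truncate\n",
                sizeof dst);

    char *dup = dup_or_die(long_name);
    printf("exact-size duplicate: %s\n", dup);
    free(dup);
    return 0;
}
```

The comparison in the first message is a different matter: strcmp() only reads its two arguments up to the first NUL and writes nothing, which is why the thread calls it safe; the functions above are the ones that write, and the write is where a length check has to happen.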