Bugtraq mailing list archives
/dev/tcp, and a LD_LIBRARY_PATH question.
From: elfchief () lupine org (That Whispering Wolf...)
Date: Fri, 02 Dec 1994 15:35:56 -0500
Hokay, two questions. The first, I already sent to bugtraq, but I haven't seen it, so assume it got lost in the various bugtraq problems I've seen. Basically, it's this: A while back someone talked about being able to crash 4.1.3 machines by echoing garbage > /dev/tcp -- They also mentioned that there was a patch, but not WHICH patch. I've searched my archives, and can't find any reference to /dev/tcp, so I was wondering if anyone can give me pointers? I've temporarilly changed the permissions of /dev/tcp to 600 -- I know this breaks some machines (sockets can't get opened), but so far no problems on 4.1.3. Second question: How can I write a program that keeps the LD_LIBRARY_PATH variable from being exploited? i.e. the SUN 'login' bug where LD_LIBRARY_PATH got exploited. I would ASSUME I could prevent this by doing something like: putenv("LD_LIBRARY_PATH"), but that just seems too simple to be a true fix. (If it's not complex, it's not right? :) Hints? Tips? -WW
Current thread:
- Full Disclosure works, here's proof: Christopher Klaus (Nov 30)
- Re: Full Disclosure works, here's proof: Casper Dik (Dec 02)
- Re: Full Disclosure works, here's proof: Christopher Klaus (Dec 02)
- RE: Question... CUNNINGHAM () B PSC EDU (Dec 02)
- empty messages? Breakdown (Dec 02)
- Re: empty messages? Walker Aumann (Dec 02)
- /dev/tcp, and a LD_LIBRARY_PATH question. That Whispering Wolf... (Dec 02)
- Re: /dev/tcp, and a LD_LIBRARY_PATH question. anthony baxter (Dec 03)
- Re: /dev/tcp, and a LD_LIBRARY_PATH question. Robert M. Haas (Dec 03)
- full disclosure list clarification Pete Hartman (Dec 02)
- Re: Full Disclosure works, here's proof: Casper Dik (Dec 02)
- pt_chmod carson () lehman com (Dec 02)
- Re: pt_chmod Karl Strickland (Dec 02)
- mktemp.. *Hobbit* (Dec 02)
- bugtraq list problems (resolved?) Admin/Support (Dec 02)
- full-disclosure list Pete Hartman (Dec 02)
- <Possible follow-ups>
- Re: Full Disclosure works, here's proof: Christopher Klaus (Dec 03)
- Re: Full Disclosure works, here's proof: Bela Lubkin (Dec 03)