Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: system() call in suid programs

From: jude () jeeves ucsd edu (Jude Poole)
Date: Fri, 14 Jun 1996 09:34:15 -0700

Steve,

Exploits basically try to get quotes, semicolons etc into a string used
as an argument to the system call.  Since the system call argumnent is
basically a call to a shell you can do arbitrary nasty things.

Jude
Previous By Date Next
Previous By Thread Next

Current thread: