Bugtraq mailing list archives
Re: Format String Attacks
From: Serguei Patchkovskii <patchkov () UCALGARY CA>
Date: Wed, 13 Sep 2000 11:38:43 -0600
On Wed, 13 Sep 2000, Doug Hughes wrote:
Since I don't recall anybody else posting one, here is a simple, generic, setuid wrapper that people could use around, for instance, /usr/bin/eject or other setuid programs.
Yeah, it will certainly make it unnecessary to go through the bother of exploiting any of the format string bugs. However, it is quite unlikely to make your systems any safer: #include <unistd.h> int main( int argc, char *argv[] ) { execl( argv[1], "./gotcha", NULL ) ; }
#include <stdio.h> #include <stdlib.h> main (int argc, char *argv[]) { char *origfile; char *envp[1] = { (char *) NULL }; if ((origfile = (char *) malloc(strlen(argv[0])+6)) == NULL) { perror("allocating memory"); exit(1); } strcpy(origfile, argv[0]); strcat(origfile, ".orig"); execve(origfile, argv, envp); }
--- Home page: http://www.cobalt.chem.ucalgary.ca/ps/
Current thread:
- Re: Format String Attacks, (continued)
- Re: Format String Attacks Dan Astoorian (Sep 14)
- Re: Format String Attacks Casper Dik (Sep 15)
- Re: Format String Attacks Pavel Kankovsky (Sep 14)
- Re: Format String Attacks Dan Harkless (Sep 14)
- Re: Format String Attacks Dan Harkless (Sep 14)
- Re: Format String Attacks Dan Harkless (Sep 14)
- Re: Format String Attacks Dan Harkless (Sep 15)
- Re: Format String Attacks Dan Harkless (Sep 17)
- Re: Format String Attacks Dan Astoorian (Sep 14)
- Re: Format String Attacks Drazen Kacar (Sep 14)
- Re: Format String Attacks Dan Harkless (Sep 14)
- Re: Format String Attacks Serguei Patchkovskii (Sep 14)
- Re: Format String Attacks Nate Eldredge (Sep 21)
- Re: Format String Attacks Matthias Meixner (Sep 22)
- Re: Format String Attacks jsl2 (Sep 22)
- Re: Format String Attacks Ajax (Sep 25)