Full Disclosure mailing list archives
LOL, stupid calife maintainer - this can't be true
From: "DownBload / Illegal Instruction Labs" <downbload () hotmail com>
Date: Sat, 28 Feb 2004 14:18:20 +0100
Hi, this can't be true... Imagine this - there is one programmer who doesn't know how to write secure code (in fact, there are many of them, but I will give you just one example). He doesn't know anything about security, so he decided to write a suid-root application (good choice).
The name of that app is calife (http://www.freshports.org/security/calife/). The name of that "programmer" is Ollivier Robert. After a few minutes of code audit, I found a simple-plain-stupid strcpy() in the authentication process (check vuln-description here: http://www.securityfocus.com/archive/1/355510/2004-02-25/2004-03-02/0). I didn't contact him before bugtraq and now he is mad at me... and he said this:
roberto:
-------------------------------------------------------------------------------------
Fix a potential security problem on Linux/glibc whose getpass(3) apparently fails with very long passwords leading to a segfault. It may be exploitable. FreeBSD is *not* vulnerable. No thanks to: the jerk who posted on bugtraq w/o mailing me beforehand.
-------------------------------------------------------------------------------------

STFU!!! That isn't linux glibc security problem, there is nothing wrong with getpass(). DON'T BLAME LINUX GLIBC FOR YOUR LAME PROGRAMMING AND LACK OF SECURITY KNOWLEDGE.
BTW: I wouldn't allow you to code even hello world program.

Vulnerable code ("glibc problem" ;-) -> /root/calife-2.8.4c/db.c
------------------------
...
char   got_pass = 0;
char   * pt_pass, * pt_enc, * user_pass, * enc_pass, salt [10];

user_pass = (char *) xalloc (l_size);
enc_pass = (char *) xalloc (l_size);
...
for ( i = 0; i < 3; i ++ )
{
    pt_pass = (char *) getpass ("Password:");
    memset (user_pass, '\0', l_size);
    strcpy (user_pass, pt_pass);   // <- BAD CODE
    pt_enc = (char *) crypt (user_pass, calife->pw_passwd);
    memset (enc_pass, '\0', l_size);
    strcpy (enc_pass, pt_enc);
}
...
free (user_pass);   // <- FUN CODE ;-)
free (enc_pass);    // <- FUN CODE ;-)
...
------------------------

My advice - DON'T USE CALIFE - it is VERY buggy - use sudo or super instead.

Bye.
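
A bounded replacement for the two strcpy() calls in the db.c excerpt quoted in the message above, as an added example that is not part of the original post or of calife's own code. The names copy_bounded and read_attempt are hypothetical, the 16-byte buffer is a constructed size, and the typed password is passed in as a parameter instead of being read with getpass().

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from calife): copy src into dst only if it fits,
 * terminator included. Returns 0 on success, -1 if src is NULL or too long.
 * On failure dst is left as an empty string, never a truncated password. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || dst_size == 0)
        return -1;
    memset(dst, '\0', dst_size);
    if (src == NULL)                 /* getpass() and crypt() can return NULL */
        return -1;
    /* Look for the terminator within the first dst_size bytes only. */
    const char *end = memchr(src, '\0', dst_size);
    if (end == NULL)                 /* string plus terminator does not fit */
        return -1;
    memcpy(dst, src, (size_t)(end - src));
    return 0;
}

/* Constructed stand-in for one pass of the loop in db.c. l_size mirrors the
 * buffer size variable in the excerpt. Returns 0 if the input was accepted. */
int read_attempt(char *user_pass, size_t l_size, const char *typed)
{
    if (copy_bounded(user_pass, l_size, typed) != 0) {
        fprintf(stderr, "password rejected: does not fit in %zu-byte buffer\n",
                l_size);
        return -1;
    }
    return 0;
}

int main(void)
{
    char user_pass[16];              /* constructed size for the demo */
    char long_input[64];             /* constructed overlong input */
    memset(long_input, 'A', sizeof long_input - 1);
    long_input[sizeof long_input - 1] = '\0';

    printf("short: %d\n", read_attempt(user_pass, sizeof user_pass, "hunter2"));
    printf("long:  %d\n", read_attempt(user_pass, sizeof user_pass, long_input));
    return 0;
}
```

Rejecting an overlong password outright, rather than truncating it, keeps the comparison against the stored hash from succeeding on a prefix of what was typed.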