Vulnerability Development mailing list archives
Re: core dump on mingetty and getty
From: KF <dotslash () snosoft com>
Date: Mon, 03 Dec 2001 17:21:21 -0500
Why do we care... because I am joe schmoe_cant_code_a_lick_of_c and I make retarded mistakes in my code. (Stupid examples follow). #include <stdio.h> void main(int *argc, char **argv) { char *runme[2]; setuid(0); setgid(0); runme[0] = argv[1]; runme[1] = 0; execve("/sbin/getty", runme, 0); } For that matter...m4 is a userland non-privileged level program ... yet it led to a man exploit. Flames > /dev/null ... comments welcome. -KF fish stiqz wrote:
My question.. why do we care if a userland non-privileged program has a trivial buffer overflow vulnerability? This seems like a complete waste of time. Who cares???!?!?! -- fish stiqz <fish () synnergy net> Synnergy Networks: http://www.synnergy.net/
Current thread:
- Re: core dump on mingetty and getty KF (Dec 03)
- Re: core dump on mingetty and getty Michal Zalewski (Dec 03)
- uugetty mgetty also... KF (Dec 03)
- Re: uugetty mgetty also... Andrew Sharpe (Dec 03)
- Re: uugetty mgetty also... Rodrigo Barbosa (Dec 04)
- Message not available
- Re: uugetty mgetty also... Rodrigo Barbosa (Dec 05)
- sadc Segmentation Fault smackenz (Dec 03)